WebAPP before 0.9.9.5 does not properly filter certain characters in contexts related to (1) the query string, (2) Profiles, (3) the Forum Post icon field, (4)