The username of an account can be ..
Weblate
Reported by blake12356
Vulnerability Details
Technical details and impact analysis
Hello,
## Description:
The username of an account can be set to `..`. This makes it impossible to view the public profile of this account.
## POC:
I have claimed the username `..` on the demo.weblate.org site. It is impossible to view this account's public profile page.
Here is the public profile page: https://demo.weblate.org/user/../
## Mitigation
I recommend filtering usernames to prevent them from starting with `.`.
Thanks!
Report Details
Additional information and metadata
State: Closed
Substate: Resolved
Weakness: Business Logic Errors
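The check suggested in the report, sketched as an added example (this is not Weblate's code or its actual fix). It assumes the `/user/<name>/` URL layout seen in the report; the allowed-character set and the function names are hypothetical. It also shows why the profile is unreachable: clients remove dot-segments from a path (RFC 3986, section 5.2.4) before the request is sent.

```python
import re
from urllib.parse import quote

# Assumed username alphabet for this sketch, not Weblate's real rule.
ALLOWED = re.compile(r"[A-Za-z0-9@+._-]+")


def remove_dot_segments(path):
    """Collapse '.' and '..' path segments the way RFC 3986 5.2.4 describes."""
    segments = path.split("/")
    out = []
    for i, seg in enumerate(segments):
        last = i == len(segments) - 1
        if seg == ".":
            if last:
                out.append("")      # "/a/." becomes "/a/"
        elif seg == "..":
            if len(out) > 1:
                out.pop()           # drop the previous segment, never the root
            if last:
                out.append("")      # "/a/.." becomes "/"
        else:
            out.append(seg)
    return "/".join(out)


def profile_path(username):
    """Profile URL path; '.' is unreserved, so quote() leaves it untouched."""
    return "/user/" + quote(username, safe="") + "/"


def profile_reachable(username):
    """True if the path a client actually requests still names this profile."""
    path = profile_path(username)
    return remove_dot_segments(path) == path


def validate_username(username):
    """Reject names outside the alphabet and, as the report suggests, any leading dot."""
    if not ALLOWED.fullmatch(username):
        raise ValueError("username contains characters that are not allowed")
    if username.startswith("."):
        raise ValueError("username must not start with '.'")
    return username


if __name__ == "__main__":
    for name in ("blake", "..", ".", ".hidden"):   # constructed sample names
        print(repr(name), profile_path(name), "->",
              remove_dot_segments(profile_path(name)))
```
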