I was going through SourceForge to download the PyDev plugin and I encountered a cross-site scripting vulnerability in certain domains which are hosted by SourceForge. I am including the links which have the vulnerability and preventive measures, and I am also sending mails to the host.
I am reporting this issue as a matter of my personal interest and also for a better and safer Web.
Also, I swear that I did not cause any havoc to the site, and I am reporting this privately and have not disclosed it publicly.

Links :

[A] XSS Vulnerability:
Cross-site scripting is a vulnerability in which malicious scripts are injected into websites, which can lead to a total breach of security when customer details are stolen or manipulated, as mentioned by OWASP.


[ACTION= is the vulnerable parameter. Check for sanitizing of inputs before parsing them]

[ACTION= is vulnerable]

3. lmms.sourceforge.net/lsp/index.php?action="><SCrIpT>alert('You have an XSS')<%2FScRiPt>&user=DerWeisbecker
[ACTION= is vuln.]



Please refer to:
[OWASP XSS CHEAT SHEET] https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet
[XSS FILTER EVASION] https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet

I hope that you read it and take preventive measures to avoid this attack.
I repeat, these are not *potential* but proven attacks which have the ability even to take control of the server.

Do reply to this mail address.
Awaiting your response.

Nishaanth Guna aka gameFace22
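
An added example, not part of the original report and not SourceForge's or the project's code: one way a PHP page such as index.php could handle the reported `action` parameter, validating it against an allow-list and HTML-encoding every value it reflects. The allowed action names, the function names and the rendered markup are assumptions; the sample request is constructed from the URL in the report.

```php
<?php
declare(strict_types=1);

// Hypothetical allow-list: the real set of actions the page supports is not given in the report.
const ALLOWED_ACTIONS = ['browse', 'show', 'search'];

/** Encode a value for use in an HTML element body or a quoted attribute value. */
function html_escape(string $value): string
{
    // ENT_QUOTES encodes both " and ', so the value cannot close the attribute it sits in.
    // ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Return the requested action if it is on the allow-list, otherwise a safe default. */
function validated_action(array $query, string $default = 'browse'): string
{
    $raw = $query['action'] ?? $default;
    // Array input (?action[]=x) and unknown names both fall back to the default.
    if (!is_string($raw) || !in_array($raw, ALLOWED_ACTIONS, true)) {
        return $default;
    }
    return $raw;
}

/** Render a fragment that reflects both query parameters (assumed markup). */
function render_fragment(array $query): string
{
    $action = validated_action($query);
    $user   = is_string($query['user'] ?? null) ? $query['user'] : '';

    // Encode at the point of output, even for values that passed validation.
    return '<input type="hidden" name="action" value="' . html_escape($action) . '">'
         . '<p>Files by ' . html_escape($user) . '</p>';
}

// Constructed sample input modelled on the request in the report.
$sample = [
    'action' => '"><SCrIpT>alert(\'You have an XSS\')</ScRiPt>',
    'user'   => 'DerWeisbecker',
];
echo render_fragment($sample), PHP_EOL;

// A free-text parameter that cannot be allow-listed is still rendered inert by encoding.
echo render_fragment(['action' => 'show', 'user' => '<b onmouseover=x>u</b>']), PHP_EOL;
```

In a real page `$_GET` would be passed in place of the constructed arrays; the encoding shown applies to HTML body and quoted-attribute contexts only, and values placed in JavaScript, CSS or URLs need the context-specific encoding described in the OWASP cheat sheet linked above.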