Entering unintended values during the member creation flow causes unusual database state, unhandled exceptions/stack trace disclosure and denial of service due to continuous page crashes.
Local Identifier field, e.g. an XSS payload such as
<img src=x onerror="alert('L ID')" />
Local Identifier field and hit save.
Recent Changes page. The page immediately crashes with a stack trace and an error:
An exception has been thrown during the rendering of a template ("Parameter "localIdentifier" for route "member_show" must match "[^/]++" ("<img src=x onerror="alert('L ID')" />" given) to generate a corresponding URL.").
The application state for broken pages is not recoverable unless changes are made to the database directly. This causes denial of service/lockout on certain features across the application and potential unintended behaviour in the flows that do still work.
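One way to close this gap, as an added example that is not the project's own code: check the Local Identifier on write against the same requirement the `member_show` route enforces on read, and render rows that are already stored with a bad value without throwing. It assumes a PHP application, as the template and route error message suggests; the function names, the `/member/` path and the CSS class are hypothetical.

```php
<?php
declare(strict_types=1);

// Requirement copied from the error message for route "member_show".
const MEMBER_SHOW_REQUIREMENT = '[^/]++';

/** True when $value can be used as the localIdentifier route parameter. */
function isRoutableLocalIdentifier(string $value): bool
{
    // \A and \z anchor the requirement to the whole value.
    return preg_match('#\A(?:' . MEMBER_SHOW_REQUIREMENT . ')\z#', $value) === 1;
}

/** Write side: call before persisting; returns an error message or null. */
function validateLocalIdentifier(string $value): ?string
{
    if (!isRoutableLocalIdentifier($value)) {
        return 'Local Identifier must be non-empty and must not contain "/".';
    }
    return null;
}

/**
 * Read side: build one cell of a change list without throwing on rows that
 * were stored before validation existed. The /member/ prefix is hypothetical.
 */
function renderMemberCell(string $localIdentifier): string
{
    // Always encode the label, whether or not the value is routable.
    $label = htmlspecialchars($localIdentifier, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    if (!isRoutableLocalIdentifier($localIdentifier)) {
        return '<span class="invalid-member">' . $label . '</span>'; // no link, no crash
    }
    return '<a href="/member/' . rawurlencode($localIdentifier) . '">' . $label . '</a>';
}

// Constructed sample values; the second is the value from the report.
$samples = ['ABC-123', '<img src=x onerror="alert(\'L ID\')" />', ''];
foreach ($samples as $s) {
    printf(
        "%-45s write: %-7s read: %s\n",
        var_export($s, true),
        validateLocalIdentifier($s) === null ? 'accept' : 'reject',
        renderMemberCell($s)
    );
}
```

The read-side fallback matters because rows saved before the write-side check existed would otherwise keep crashing the page until the database is edited by hand.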