Fixed bug #10298: Various XSS issues in the BE user admin module