source: https://www.securityfocus.com/bid/7190/info It has been reported that Web Chat Manager is prone to HTML injection attacks. This problem occurs due to insufficient sanitization of user-supplied input. As a result of this insufficiency an attacker may embed HTML code via a HTML form field or URI parameter of the Web Chat Manager user registration page. It may be possible to steal the unsuspecting user's cookie-based authentication credentials, as well as other sensitive information. Other attacks are also possible. http:///chat_dir/register.php?register=yes&username=OverG&email=alert%20 ("Test!")&email1=alert%20("Test!")