Binaryloc

**Name of the Vulnerable Software and Affected Versions** flashChat version 4.7.8 **Description** A cross-site scripting (XSS) issue exists due to improper handling of the channel title, also known as the room name, by the "who's online" feature. This allows remote attackers to inject arbitrary web script or HTML. **Recommendations** For flashChat version 4.7.8, ensure that user input for channel titles is properly sanitized to prevent XSS attacks. As a temporary workaround, consider restricting the ability to create or edit channel titles until a fix is available.