Cinza

**Name of the Vulnerable Software and Affected Versions** phpMyChat-Plus version 1.98 **Description** The issue concerns a reflected XSS vulnerability that can be exploited through JavaScript injection into the password reset URL. Specifically, the `pmc username` parameter in the `pass reset.php` URL is vulnerable. **Recommendations** For phpMyChat-Plus version 1.98, consider disabling access to the `pass reset.php` endpoint until a patch is available, or restrict the use of the `pmc username` parameter to minimize the risk of exploitation.