SecurityFocus reports:
The ejabberd application is prone to a cross-site scripting
vulnerability.
An attacker may leverage this issue to execute arbitrary script code
in the browser of an unsuspecting user in the context of the affected
site and to steal cookie-based authentication credentials.