Chaturbate: Passive stored XSS at broadcast room

The hacker found that a specially crafted app names could insert a small amount of data into an A tag's href in the "Broadcaster is running these apps: " chat text. Because of the character limit this required multiple successive clicks on different app names, and in the example utilised the room...