Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in FlexChat 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 username and 2 CFTOKEN parameter in a index.cfm and 3 CFTOKEN and 4 CFID parameter in b chat.cfm...