Cross-site scripting vulnerability in Crafy Syntax Live Help 2.7.3 and below
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The problem: Users are able to insert pieces of html both in their name when they request livehelp and in chat sessions. For example. If I where to input the following javascript inside a ""script"" tag and use it as my name...