Chatty improper input sanitizing Discovered by: Nomenumbra Date: 21/5/2006 impact:moderate (possible defacement) Chatty is a PHP-based chatscript allowing users to chat over the web. Subscribing with a username like this: <script>alert(%22xss%22)</script> would cause major xss in the chatroom. Nomenumbra