Chatty improper input sanitizing

Discovered by: Nomenumbra

Date: 21/5/2006

impact:moderate (possible defacement)

Chatty is a PHP-based chatscript allowing users to chat over the web.

Subscribing with a username like this: <script>alert(%22xss%22)</script>

would cause major xss in the chatroom.

Nomenumbra