Cryptocat before 2.0.22 has Remote Script Injection due to improperly sanitizing user inputReferenceshttp://packetstormsecurity.com/files/134252/Cryptocat-Script-Insertion.htmlhttps://www.openwall.com/lists/oss-security/2013/07/10/15https://tobtu.com/decryptocat.phphttps://packetstormsecurity.com/files/cve/CVE-2013-4103https://www.securityfocus.com/bid/61093
