Hello, Multiple cross-site scripting (XSS) vulnerabilities in Freichat component for Joomla! allow remote attackers to inject arbitrary web script or HTML code via (1) the id or xhash parameters to /client/chat.php or (2) the toname parameter to /client/plugins/upload/upload.php. File: /client/chat.php Line: 53 POC: http://site/client/chat.php?id=1" >&xhash=1" File: /client/plugins/upload/upload.php Line: 91 POC:               
       
           

                                                                                                           

                           
    Discovered by Mahmoud Ghorbanzadeh, in Amirkabir University of Technology's Scientific Excellence and Research Centers. Best Regards.