# Exploit Title: WebSocket Live Chat - Cross-Site Scripting# Date: 2018-05-22# Exploit Author: Alireza Norkazemi# Vendor Homepage: https://codecanyon.net/item/websocket-live-chat-instant-messaging-php/16545798?s_rank=1# POC :1) Create your account and click setting icon and go to profile
2) Put this payload into Status box :<script>alert('xss')</script>3) The payload will be executed if someone opens your profile
