Details
Description
The chat window can execute XSS payloads, thus one can infect all the users who have joined the room/meeting. The XSS is persistent and that can lead to Denial of Service.
A simple popup which alerts 9 can make it hard for other user to use it.
One can check the POC by trying to log-in at the demo server provided: https://om.alteametasoft.com/openmeetings/