Debian Security Advisory 1774-1 – It was discovered that ejabberd, a distributed, fault-tolerant Jabber/XMPP server, does not sufficiently sanitise MUC logs, allowing remote attackers to perform cross-site scripting (XSS) attacks.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/76773/dsa-1774-1.txt
Source: https://packetstormsecurity.com/files/76773/Debian-Linux-Security-Advisory-1774-1.html