sz.chat version 4 allows injection of web scripts and HTML in the message box.
fortics szchat 4
CVE-2021-3279 wwwcvedetailscom/cve/CVE-2021-3279/