OmniTouch Instant Communication Suite suffers from cross site request forgery and cross site scripting vulnerabilities.