Chamilo 1.9.4 has XSS due to improper validation of user-supplied input by the chat.php script.
chamilo chamilo 1.9.4