The following parameters in '/muc-room-edit-form.jsp' have been identified as being vulnerable to reflected XSS (Cross Site Scripting):
roomconfig_persistentroom
roomconfig_roomsecret
roomconfig_roomsecret2
See the attached Burp Suite report for further details.
Fixed by PR 446.