A vulnerability in a chat app allowed users to send a code snippet, or stanza, through the XML system that gave them admin privileges and the ability to inject code into the chat. This allowed them to exploit the chat's bot system and lock the chat so that anyone who joined would be immediately removed.