LionMax Software Chat Anywhere 2.72a allows remote attackers to cause a denial of service (server crash and client CPU consumption) via a username beginning with percent (%) followed by a null character.
https://exchange.xforce.ibmcloud.com/vulnerabilities/17148