funboot v1.1 is vulnerable to Cross Site Scripting (XSS) via the title field in "create a message ."