Release notes of ejabberd 2.0.4:
# MUC: Prevent XSS in MUC logs by linkifying only a few known protocols
Cross-site scripting (XSS) vulnerability in ejabberd before 2.0.4
allows remote attackers to inject arbitrary web script or HTML via
unknown vectors related to links and MUC logs.
2.0.4 is now in portage
Arches, please test and mark stable:
Target keywords : "amd64 x86"
amd64/x86 stable, all arches done.
GLSA voting, please.
I'm tempted to say NO.
XSS => no, closing.