XSS code debug

Hello , i have a chat script ,which working with many guest levels and many admin levels . the problem that some people can run VBscripts which make them get authorities as admin while they are only a guest he can run them via a browser called "SlimBrowser" You can get it from the following link: [login to view URL] after you install it , you can check the problem go to the following link (it is one of our chat rooms) : [login to view URL] Type any nickname (example : nickname = abcd ) then press the button. and wait for loading , after loading it going to show a table contain room names choose any room now you are in the chat . Then go to View menu >> Explorer Bar >> Script Pad , Type one of the following codes [**CODES**] code to Change all Guest Nick names : javascript:[login to view URL](top.ct.sel_uid,"Type new name here.") code to Kick all users javascript:[login to view URL](top.ct.sel_uid,"Type name here.") show all users javascript:[login to view URL](top.ct.sel_uid,0 -1, -1, -1, -1, 3); force change your nick name : javascript:[login to view URL]("Type name here") get master ID : javascript: [login to view URL] (top.ct.sel_uid, 0) Kick all Guset users : javascript:[login to view URL](top.ct.sel_uid,"") Kick all Guset users : javascript:[login to view URL](top.ct.sel_uid,"") Close Room javascript:[login to view URL] (rps=1001) change PIC ( SetUserDef ) ... call [login to view URL](4): newicon=3 fake logout call [login to view URL]("logout") sending msg and your are not on the room call [login to view URL]("ur msg here") vbscript hacks get any room ID javascript:alert([login to view URL]) [**CODES**] Then press run script it one of the small icons in the left pane after it run you will get authority as same as admins , i want to disable those commands I have attached the source code of the page need to fix that XSS on it Note : we already disable admins feathers .