CVE-2025-10869 Stored Cross-Site Scripting (XSS) in Oct8ne Chatbot

Stored Cross-site Scripting XSS in Oct8ne Chatbot v2.3. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by injecting a malicious payload through the creation of a transcript that is sent by email. This vulnerability can be exploited to steal sensitive user...

CVE-2025-10869 Stored Cross-Site Scripting (XSS) in Oct8ne Chatbot

Stored Cross-site Scripting XSS in Oct8ne Chatbot v2.3. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by injecting a malicious payload through the creation of a transcript that is sent by email. This vulnerability can be exploited to steal sensitive user...

EUVD-2025-34610

Stored Cross-site Scripting XSS in Oct8ne Chatbot v2.3. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by injecting a malicious payload through the creation of a transcript that is sent by email. This vulnerability can be exploited to steal sensitive user...

CVE-2025-10869

CVE-2025-10869 describes a Stored Cross-site Scripting (XSS) vulnerability in Oct8ne Chatbot v2.3. The issue allows an attacker to inject JavaScript via a transcript created for an email-sent interaction, executed in the victim’s browser. The attack surface includes the /Data/SaveInteractions flo...

CVE-2025-60374

Stored Cross-Site Scripting XSS in Perfex CRM chatbot before 3.3.1 allows attackers to inject arbitrary HTML/JavaScript. The payload is executed in the browsers of users viewing the chat, resulting in client-side code execution, potential session token theft, and other malicious actions. A...

Oct8ne Chatbot 跨站脚本漏洞

Oct8ne Chatbot is a chatbot from Oct8ne. A cross-site scripting vulnerability exists in Oct8ne Chatbot version v2.3, which stems from stored cross-site scripting and could lead to an attacker executing JavaScript code in the victim's browser...

EUVD-2025-34466

Stored Cross-Site Scripting XSS in Perfex CRM chatbot before 3.3.1 allows attackers to inject arbitrary HTML/JavaScript. The payload is executed in the browsers of users viewing the chat, resulting in client-side code execution, potential session token theft, and other malicious actions. A...

CVE-2025-60374

Stored Cross-Site Scripting XSS in Perfex CRM chatbot before 3.3.1 allows attackers to inject arbitrary HTML/JavaScript. The payload is executed in the browsers of users viewing the chat, resulting in client-side code execution, potential session token theft, and other malicious actions. A...

CVE-2025-60374

This CVE describes a Stored XSS in Perfex CRM’s chatbot feature prior to v3.3.1. The vulnerability allows injected HTML/JavaScript to execute in users’ browsers when viewing chat messages, enabling client-side code execution and potential session token theft. Affected product: Perfex CRM (chatbot...

PT-2025-42183

Stored Cross-Site Scripting XSS in Perfex CRM chatbot before 3.3.1 allows attackers to inject arbitrary HTML/JavaScript. The payload is executed in the browsers of users viewing the chat, resulting in client-side code execution, potential session token theft, and other malicious actions. A...

CVE-2025-60374

Stored Cross-Site Scripting XSS in Perfex CRM chatbot before 3.3.1 allows attackers to inject arbitrary HTML/JavaScript. The payload is executed in the browsers of users viewing the chat, resulting in client-side code execution, potential session token theft, and other malicious actions. A...

WordPress ChatBot plugin <= 7.7.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin ChatBot versions = 7.7.3...

WordPress ChatBot plugin <= 7.3.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by n0arafatn0 in WordPress Plugin ChatBot versions = 7.3.9...

Perfex CRM 安全漏洞

Perfex CRM is a customer relationship management software from Perfex CRM open source. It is used to manage customers, projects and create invoices in the cloud. A security vulnerability exists in Perfex CRM that stems from the Chatbot module not filtering user input, which could lead to a stored...

Exploit for CVE-2025-60374

CVE-2025-60374 CVE-2025-60374: Stored Cross-Site Scripting XS...

📄 Perfex CRM Chatbot Cross Site Scripting

Perfex CRM's chatbot feature suffers from a persistent cross site scripting vulnerability. CVE-2025-60374 CVE-2025-60374: Stored Cross-Site Scripting XSS in Perfex CRM Chatbot ⚠️ Security Advisory A critical Stored Cross-Site Scripting vulnerability in Perfex CRM's chatbot feature --- 📋 Overview A...

How Your AI Chatbot Can Become a Backdoor

In this post of THE AI BREACH, learn how your Chatbot can become a backdoor...

EUVD-2021-15905

Malware in sbrugna...

Intercom Chatbot Misconfiguration

Intercom is a solution to build & deploy AI customer experiences. If the identity verification is not enabled, an attacker can impersonate an other user and access to the previous conversations and data. This detection is included in the AI and LLM category. No source data...

GHSA-7R4H-VMJ9-WG42 Flowise Stored XSS vulnerability through logs in chatbot

Description In the chat log, tags like input and form are allowed. This makes a potential vulnerability where an attacker could inject malicious HTML into the log via prompts. When an admin views the log containing the malicious HTML, the attacker could steal the admin's credentials or sensitive...