20 matches found

OSV
added 2026/05/14 8:16 p.m. · 3 views

GHSA-4VRC-M9CH-6M3R Open WebUI has stored XSS via the HTML rendering view

Summary: Through the HTML rendering view, scripts can be injected and executed. The finding resulted from a penetration test for a customer. It is suspected that the root cause of the issue lies within the core of Open WebUI, which is why it is being reported as a security issue here. Tested on Op...

CVSS 7.7 · AI score 6 · EPSS 0.00036
Exploits: 1 · References: 3
RedhatCVE
added 2026/01/26 9:20 a.m. · 4 views

CVE-2026-24399

ChatterMate is a no-code AI chatbot agent framework. In versions 1.0.8 and below, the chatbot accepts and executes malicious HTML/JavaScript payloads when supplied as chat input. Specifically, an iframe payload containing a javascript: URI can be processed and executed in the browser context. This allow...

CVSS 9.3 · AI score 5.8 · EPSS 0.00017
Exploits: 1 · References: 1
CNNVD
added 2026/01/25 12:0 a.m. · 1 views

Click2Magic Cross-Site Scripting Vulnerability

Click2Magic is an intelligent customer communication platform developed by Click2Magic Corporation. Version 1.1.5 of Click2Magic contains a cross-site scripting vulnerability. This vulnerability arises from improper sanitization of chat message input, which may lead to stored cross-site...

CVSS 6.4 · AI score 5.6 · EPSS 0.00017
Exploits: 0 · References: 4
NVD
added 2026/01/24 1:15 a.m. · 2 views

CVE-2026-24399

ChatterMate is a no-code AI chatbot agent framework. In versions 1.0.8 and below, the chatbot accepts and executes malicious HTML/JavaScript payloads when supplied as chat input. Specifically, an iframe payload containing a javascript: URI can be processed and executed in the browser context. This allow...

CVSS 9.3 · EPSS 0.00017
Exploits: 1 · References: 3
CVE
added 2026/01/24 12:5 a.m. · 15 views

CVE-2026-24399

ChatterMate (no-code AI chatbot framework) is vulnerable in versions 1.0.8 and earlier due to input-processed HTML/JavaScript payloads. An iframe payload containing a javascript: URI can be processed in the browser context, allowing access to client-side data (localStorage tokens, cookies) and re...

CVSS 9.3 · AI score 5.4 · EPSS 0.00017
Exploits: 1 · References: 3 · Affected Software: 1
Cvelist
added 2026/01/24 12:5 a.m. · 31 views

CVE-2026-24399 ChatterMate has Stored Cross-Site Scripting (XSS) via Chatbot Input Execution

ChatterMate is a no-code AI chatbot agent framework. In versions 1.0.8 and below, the chatbot accepts and executes malicious HTML/JavaScript payloads when supplied as chat input. Specifically, an iframe payload containing a javascript: URI can be processed and executed in the browser context. This allow...

CVSS 9.3 · EPSS 0.00017
Exploits: 1 · References: 3
OSV
added 2026/01/24 12:5 a.m. · 2 views

CVE-2026-24399 ChatterMate has Stored Cross-Site Scripting (XSS) via Chatbot Input Execution

ChatterMate is a no-code AI chatbot agent framework. In versions 1.0.8 and below, the chatbot accepts and executes malicious HTML/JavaScript payloads when supplied as chat input. Specifically, an iframe payload containing a javascript: URI can be processed and executed in the browser context. This allow...

CVSS 9.3 · AI score 5.4 · EPSS 0.00017
Exploits: 1 · References: 5
ATTACKERKB
added 2026/01/24 12:5 a.m. · 2 views

CVE-2026-24399

ChatterMate is a no-code AI chatbot agent framework. In versions 1.0.8 and below, the chatbot accepts and executes malicious HTML/JavaScript payloads when supplied as chat input. Specifically, an iframe payload containing a javascript: URI can be processed and executed in the browser context. This allow...

CVSS 9.3 · AI score 5.8 · EPSS 0.00017
Exploits: 1 · References: 4 · Affected Software: 1
Vulnrichment
added 2026/01/24 12:5 a.m. · 2 views

CVE-2026-24399 ChatterMate has Stored Cross-Site Scripting (XSS) via Chatbot Input Execution

ChatterMate is a no-code AI chatbot agent framework. In versions 1.0.8 and below, the chatbot accepts and executes malicious HTML/JavaScript payloads when supplied as chat input. Specifically, an iframe payload containing a javascript: URI can be processed and executed in the browser context. This allow...

CVSS 9.3 · AI score 5.8 · EPSS 0.00017
Exploits: 1 · References: 3
NVD
added 2025/11/05 7:16 p.m. · 2 views

CVE-2025-63417

A stored cross-site scripting (XSS) vulnerability in the chat functionality of the SelfBest platform 2023.3 allows authenticated attackers to inject arbitrary web scripts or HTML via the chat message input field. This malicious content is stored and then executed in the context of other users'...

CVSS 7.2 · EPSS 0.00055
Exploits: 1 · References: 1
CNNVD
added 2025/11/05 12:0 a.m. · 1 views

SelfBest Security Vulnerability

SelfBest is a development-focused platform from SelfBest, Inc. in the United States. A security vulnerability exists in SelfBest version 2023.3. It stems from insufficient sanitization and escaping of the chat message input field in the chat feature, which could lead to a stored cross-site scripting...

CVSS 7.2 · AI score 5.9 · EPSS 0.00055
Exploits: 1 · References: 1
RedhatCVE
added 2025/05/22 9:30 p.m. · 5 views

CVE-2021-21400

wire-webapp is an open-source front end for Wire, a secure collaboration platform. In wire-webapp before version 2021-03-15-production.0, when being prompted to enter the app-lock passphrase, the typed passphrase will be sent into the most recently used chat when the user does not actively give...

CVSS 7.1 · AI score 6.9 · EPSS 0.0042
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/22 8:32 p.m. · 0 views

CVE-2021-33488

chat in OX App Suite 7.10.5 has Improper Input Validation. A user can be redirected to a rogue OX Chat server via a development-related hook...

CVSS 6.1 · AI score 6.3 · EPSS 0.00299
Exploits: 3 · References: 1
OSV
added 2025/04/02 5:15 p.m. · 1 views

CVE-2025-20139

A vulnerability in chat messaging features of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper validation of user-supplied input to chat entry points. An attacker could exploit thi...

CVSS 7.5 · AI score 7.5
Exploits: 0 · References: 1
CNNVD
added 2024/08/02 12:0 a.m. · 1 views

Ai3 QbiBot Cross-Site Scripting Vulnerability

Ai3 QbiBot is an intelligent customer service product from the Chinese company Ai3. Ai3 QbiBot v8.0.9.b1 and prior versions suffer from a cross-site scripting vulnerability that originates from not properly filtering user input, allowing an unauthenticated, remote attacker to insert JavaScript code into...

CVSS 6.1 · AI score 6.2 · EPSS 0.00321
Exploits: 0 · References: 3
Packet Storm
added 2023/08/04 12:0 a.m. · 307 views

Web Portal People CMS 2.8 Open Redirection

Title: Web Portal People CMS v2.8 URL redirection Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 63.0...

AI score 7.1
Exploits: 0
OSV
added 2023/06/19 11:15 a.m. · 1 views

CVE-2023-2399

The QuBot WordPress plugin before 1.1.6 doesn't filter user input on chat, leading to bad code inserted into it being reflected on the user dashboard...

CVSS 6.1 · AI score 5.8
Exploits: 0 · References: 2
Positive Technologies
added 2023/06/19 12:0 a.m. · 7 views

PT-2023-19340 · WordPress · Qubot

Name of the Vulnerable Software and Affected Versions: QuBot WordPress plugin versions prior to 1.1.6
Description: The issue concerns the QuBot WordPress plugin, where it fails to filter user input on chat. This allows malicious code to be inserted and reflected on the user dashboard...

CVSS 6.1 · AI score 7.2 · EPSS 0.00125
Exploits: 2 · References: 3
CNVD
added 2020/08/28 12:0 a.m. · 2 views

Mitel MiVoice Connect Client Remote Code Execution Vulnerability

Mitel MiVoice Connect is Mitel Networks Canada's software for centralized management of Mitel Networks' call handling and collaboration tools. A remote code execution vulnerability exists in Mitel MiVoice Connect client versions prior to 214.100.1223.0. The vulnerability is related to the affecte...

CVSS 8.8 · AI score 8.4 · EPSS 0.01336
Exploits: 0 · References: 1
Openbugbounty
added 2017/10/03 12:59 p.m. · 11 views

fantabike.com XSS vulnerability

Open Bug Bounty ID: OBB-322133
Affected Website: fantabike.com
Open Bug Bounty Program: Create your bounty program now. It's open and free.
Vulnerable Application: Custom Code
Vulnerability Type: XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: 6.1...

AI score 6.3
Exploits: 0