MAL-2025-2561 Malicious code in chatbot-dashboard (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5af371ce3024a5ed217ff2baf8b2a9443cf92ae8a1993552e3679be6f83698a5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

qubotchat < 1.1.6 - Unauthenticated Stored XSS

The plugin doesn't filter user input on chat, leading to bad code inserted on it be reflected on the user dashboard. PoC 1. Enter " as the malicious payload into the chatbot input. 2. See XSS vulnerability...