216.73.216.86

CVE-2025-11952

· Published 22/10/2025 09:15 · Modified 22/10/2025 21:12

Labels: CVE-2025-11952 2025-10-22CVE-2025-11952CWE-79[email protected]

Essential information

Published
22/10/2025 09:15
Modified
22/10/2025 21:12
Author
Creator
CVSS
5.3 MEDIUM (v3) 5.3 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Stored Cross-site Scripting (XSS) in Oct8ne Chatbot v2.3. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by injecting a malicious payload through the creation of a transcript that is sent by email. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user, through /Records/SendSummaryMail.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
oct8ne / chatbot cpe:2.3:a:oct8ne:chatbot:2.3:*:*:*:*:*:*:*

References