Security Advisory

CVE-2025-63639

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-11-07 00:00:00
Last updated 2025-11-12 19:54:49
Assigner mitre
State PUBLISHED

Description

The chat feature in the application Sourcecodester FAQ Bot with AI Assistant v1.0 is vulnerable to Cross-Site Scripting (XSS) due to improper handling of user-supplied input. An attacker can inject malicious HTML or JavaScript into chat messages, which executes in the browser of any user viewing the conversation.