CVE-2026-24399

Publication date

2026-01-24 00:05:37

Family

GitHub_M

State

PUBLISHED

Description

ChatterMate is a no-code AI chatbot agent framework. In versions 1.0.8 and below, the chatbot accepts and executes malicious HTML/JavaScript payloads when supplied as chat input. Specifically, an payload containing a javascript: URI can be processed and executed in the browser context. This allows access to sensitive client-side data such as localStorage tokens and cookies, resulting in client-side injection. This issue has been fixed in version 1.0.9.</p> </div> </div> </div> </div> </div> </div> </div> <footer> <div class="container py-4 py-lg-10"> <hr> <div class="text-muted d-flex justify-content-between align-items-center pt-3" style="text-align: center;"> <p class="mb-10"><center>Copyright © 2026 eXtreme Hosting</center></p> <p class="mb-10"><center><a href="/gdpr/">Privacy Policy GDPR/AVG</a> | <a href="/algemene-voorwaarden/">Algemene voorwaarden</a></center></p> </div> </div> </footer> <script src="/template/assets/bootstrap/js/bootstrap.min.js"></script> <script src="/template/assets/js/startup-modern.js"></script> </body> </html><img style="display: none;" src="https://telemetry.extremehosting.nl/Analy/?api=0C44A78F-C43E-4700-990A-0F40CE4B4A51&dtt=1746954019&urr=https://extremehosting.nl/cve/cve-details/CVE-2026-24399" />