CNNVD-202510-3140 Information

CNNVD ID

CNNVD-202510-3140

Related CVE

CVE-2025-11952

• CNNVD Published: 2025-10-22

Description (Chinese)

Oct8ne Chatbot是Oct8ne公司的一个聊天机器人。 Oct8ne Chatbot 2.3版本存在跨站脚本漏洞，该漏洞源于通过/Records/SendSummaryMail创建邮件记录时未验证输入，可能导致存储型跨站脚本攻击。

Description (English)

Oct 8ne Chatbot is a chat robot at Oct 8ne. There is a cross-site script loophole in version 2.3 of Oct8ne Chatbot, which stems from the failure to verify input when creating mail records through/Records/SendSummaryMail, which may result in a storage-type cross-site script attack.

Hazard Level

High

Vulnerability Type

跨站脚本

Affected Vendor

Oct8ne

Published

2025-10-22

Last Modified

2026-02-24

References

https://www.incibe.es/en/incibe-cert/notices/aviso/stored-cross-site-scripting-xss-oct8ne-chatbot