CVE-2025-11952 – Stored Cross-Site Scripting (XSS) in Oct8ne Chatbot

CVE ID : CVE-2025-11952

Published : Oct. 22, 2025, 9:15 a.m. | 1 hour, 27 minutes ago

Description : Stored Cross-site Scripting (XSS) in Oct8ne Chatbot v2.3. This vulnerability allows an attacker to execute JavaScript code in the victim’s browser by injecting a malicious payload through the creation of a transcript that is sent by email. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user, through /Records/SendSummaryMail.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…