Micro.company Form CVE-2026-22463
MEDIUMSeverity by source
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Lifecycle Timeline
2DescriptionCVE.org
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Micro.company Form to Chat App form-to-chat allows Stored XSS.This issue affects Form to Chat App: from n/a through <= 1.2.5.
AnalysisAI
Stored XSS in Micro.company Form to Chat App versions up to 1.2.5 enables authenticated attackers to inject malicious scripts that execute in other users' browsers, potentially compromising session data and stealing sensitive information. The vulnerability stems from insufficient input sanitization during form processing and requires user interaction to trigger. No patch is currently available for this medium-severity flaw.
Technical ContextAI
Classified as CWE-79 (Cross-site Scripting (XSS)). Affects Micro.company Form to Chat App form-to-chat. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Micro.company Form to Chat App form-to-chat allows Stored XSS.This issue affects Form to Chat App: from n/a through <= 1.2.5.
Affected ProductsAI
Product: Micro.company Form to Chat App form-to-chat.
RemediationAI
Monitor vendor advisories for a patch. Implement output encoding and Content Security Policy headers. Restrict network access to the affected service where possible.
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today