CVE-2026-30048

| EUVD-2026-12866
2026-03-18 mitre GHSA-w3vx-52j6-9fjp

Lifecycle Timeline

3
Analysis Generated
Mar 18, 2026 - 17:30 vuln.today
EUVD ID Assigned
Mar 18, 2026 - 17:30 euvd
EUVD-2026-12866
CVE Published
Mar 18, 2026 - 00:00 nvd
N/A

Tags

XSS

Description

A stored cross-site scripting (XSS) vulnerability exists in the NotChatbot WebChat widget thru 1.4.4. User-supplied input is not properly sanitized before being stored and rendered in the chat conversation history. This allows an attacker to inject arbitrary JavaScript code which is executed when the chat history is reloaded. The issue is reproducible across multiple independent implementations of the widget, indicating that the vulnerability resides in the product itself rather than in a specific website configuration.

Analysis

A stored cross-site scripting (XSS) vulnerability exists in NotChatbot WebChat widget versions through 1.4.4, where user-supplied input in chat messages is not properly sanitized before being stored and rendered in the chat history. This allows attackers to inject arbitrary JavaScript code that executes whenever the chat history is reloaded, affecting all independent implementations of the widget. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

0
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +0
POC: 0

Share

CVE-2026-30048 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy