What the vulnerability does
Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Team AtomChat AtomChat atomchat allows Stored XSS. This issue affects AtomChat: from n/a through <= 1.1.8.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Explanation of Vulnerability in Simple Terms
AtomChat versions 1.1.8 and earlier contain a cross-site scripting (XSS) vulnerability that allows authenticated users to inject malicious scripts. The vulnerability requires user interaction—typically clicking a crafted link—and can affect other users viewing the same content. An attacker with low privileges can inject code that steals session tokens or performs actions on behalf of other users.
What an attacker can do
Inject malicious JavaScript that runs in other users' browsers and steals their session data or performs actions on their behalf.
Potential impact on your site
Users' accounts and data are at risk if they interact with attacker-controlled content; session hijacking and unauthorized actions are possible.
Conditions required to exploit
Attacker must have a low-privilege account and the victim must click a malicious link or visit a page containing the injected payload.