Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Stored Cross-Site Scripting (XSS) in Oct8ne Chatbot

Posted date 08/10/2025
Identificador
INCIBE-2025-0548
Importance
3 - Medium
Affected Resources
  • Chatbot v2.3.
Description

INCIBE has coordinated the publication of one medium-severity vulnerability affecting Oct8ne Chatbot, a solution aimed at online shops (e-commerce) and customer service. The vulnerability was discovered by Javier Hernández and José Manuel Jerónimo.

This vulnerability has been assigned the following code, CVSS v4.0 base score, CVSS vector and CWE vulnerability type for each vulnerability:

  • CVE-2025-10869: CVSS v4.0: 5.3 | CVSS AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N | CWE-79
Solution

The vulnerability has been fixed by the Oct8ne team in the latest version.

Detail
  • CVE-2025-10869: Stored Cross-site Scripting (XSS) in Oct8ne Chatbot v2.3. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by injecting a malicious payload through the creation of a transcript that is sent by email. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user.
CVE
Explotación
No
Nuevo Fabricante
Oct8ne
Identificador CVE
CVE-2025-10869
Severidad
Media
References list
Oct8ne chatbot
Etiquetas