Javier Hernández

**Name of the Vulnerable Software and Affected Versions** Oct8ne Chatbot version 2.3 **Description** A stored cross-site scripting (XSS) issue exists in Oct8ne Chatbot version 2.3. This allows an attacker to execute JavaScript code in a victim’s browser. The attack is performed by injecting a malicious payload through the creation of a transcript sent via email. Successful exploitation could lead to the theft of sensitive user data, such as session cookies, or the ability to perform actions as the user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.