Chatbox · Chatbox · CVE-2020-35852
Name of the Vulnerable Software and Affected Versions:
Chatbox (affected versions not specified)
Description:
The issue is related to cross-site scripting (XSS) in Chatbox, where an attacker can upload any XSS payload with SVG or XML files. There is no restriction on file upload, leading to stored XSS.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.