Unknown · Chattermate · CVE-2026-24399
**Name of the Vulnerable Software and Affected Versions**
ChatterMate versions 1.0.8 and below
**Description**
ChatterMate is a no-code AI chatbot agent framework. Versions 1.0.8 and below accept HTML/JavaScript payloads supplied as chat input and execute them, a client-side injection issue. Specifically, an `<iframe>` payload containing a `javascript:` URI can be processed and executed in the browser context, which gives the injected script access to sensitive client-side data such as `localStorage` tokens and cookies.
**Recommendations**
Upgrade to version 1.0.9 to address this issue.
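
For teams that render chat input in their own widgets, the following added example (not ChatterMate code and not the 1.0.9 fix) shows one way to keep message text inert: escape everything, then linkify only absolute `http`/`https` URLs. The function names and the sample message are hypothetical and constructed for illustration.

```javascript
// Added illustration, not ChatterMate source. All names are hypothetical.
// Idea: chat text is data. Escape all of it, then re-introduce only one
// kind of markup (links) and only for allow-listed URL schemes.

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Encode HTML metacharacters so the text cannot open a tag or an attribute.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

const SAFE_SCHEMES = new Set(['http:', 'https:']);

// Return a normalised href if the candidate is an absolute http(s) URL,
// otherwise null. The WHATWG URL parser lowercases the scheme and drops
// embedded tabs/newlines, so the comparison sees the scheme the browser
// would act on rather than the raw spelling in the message.
function safeHref(candidate) {
  try {
    const url = new URL(candidate);
    return SAFE_SCHEMES.has(url.protocol) ? url.href : null;
  } catch {
    return null; // relative or unparsable input is never linkified
  }
}

// Build the HTML for one chat message. In a browser, assigning the raw
// text to element.textContent gives the same "inert" guarantee.
function renderChatMessage(text) {
  return String(text)
    .split(/(\s+)/) // keep whitespace runs so spacing survives
    .map((token) => {
      const href = safeHref(token);
      if (href === null) return escapeHtml(token);
      return `<a href="${escapeHtml(href)}" rel="noopener noreferrer">${escapeHtml(token)}</a>`;
    })
    .join('');
}

// Constructed sample in the shape the advisory describes (inert placeholder body).
const SAMPLE = '<iframe src="javascript:void(0)"></iframe>';
console.log(renderChatMessage(SAMPLE));
console.log(renderChatMessage('docs: https://example.com/docs'));
```

Output encoding of this kind complements the upgrade; keeping session tokens out of script-readable storage limits what any remaining injection can reach.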