CVE-2021-44163

Name of the Vulnerable Software and Affected Versions: Chain Sea ai chatbot backend (affected versions not specified)

Description: The issue is related to improper filtering of special characters in URL parameters, allowing a remote attacker to perform JavaScript injection for a reflected Cross-site scripting attack without authentication. This can be exploited through API endpoints, although specific endpoints are not mentioned. The attack involves injecting malicious JavaScript code, potentially allowing the attacker to steal user data or take control of user sessions. No information is provided about the estimated number of potentially affected devices or real-world incidents where this issue was exploited.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.