CVE-2023-30096

Name of the Vulnerable Software and Affected Versions TotalJS messenger version b6cf1c9

Description A stored cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the user information field. This enables attackers to potentially steal user data or take control of user sessions.

Recommendations For version b6cf1c9, as a temporary workaround, consider validating and sanitizing user input in the user information field to prevent malicious payloads from being injected. Restrict access to sensitive features until a proper fix is applied. At the moment, there is no information about a newer version that contains a fix for this issue.