CVE-2025-63639

Name of the Vulnerable Software and Affected Versions Sourcecodester FAQ Bot with AI Assistant version 1.0

Description The application’s chat feature is susceptible to Cross-Site Scripting (XSS) because of inadequate handling of user-provided input. An attacker can inject malicious HTML or JavaScript into chat messages, leading to execution within the browser of any user viewing the conversation. The chat feature is affected. The vulnerable component allows for the injection of malicious code through user input.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider sanitizing all user-supplied input before displaying it in the chat feature.