CVE-2026-30048

Name of the Vulnerable Software and Affected Versions NotChatbot WebChat widget versions through 1.4.4

Description A stored cross-site scripting (XSS) issue exists where user-provided input is not adequately sanitized before being stored and displayed in the chat conversation history. This allows an attacker to inject arbitrary JavaScript code that executes when the chat history is reloaded. The vulnerability is present in multiple independent implementations of the widget, indicating a flaw within the product itself.

Recommendations Versions prior to 1.4.4 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.