CVE-2026-24399 - ChatterMate has Stored Cross-Site Scripting (XSS) via Chatbot Input Execution

CVE ID : CVE-2026-24399 Published : Jan. 24, 2026, 12:05 a.m. | 40 minutes ago Description : ChatterMate is a no-code AI chatbot agent framework. In versions 1.0.8 and below, the chatbot accepts and executes malicious HTML/JavaScript payloads when supplied as chat input. Specifically, an payload containing a javascript: URI can be processed and executed in the browser context. This allows access to sensitive client-side data such as localStorage tokens and cookies, resulting in client-side injection. This issue has been fixed in version 1.0.9. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...