{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-24399", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-01-22T18:19:49.172Z", "datePublished": "2026-01-24T00:05:37.246Z", "dateUpdated": "2026-01-26T16:17:53.948Z"}, "containers": {"cna": {"title": "ChatterMate has Stored Cross-Site Scripting (XSS) via Chatbot Input Execution", "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "lang": "en", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/chattermate/chattermate.chat/security/advisories/GHSA-72p3-w95w-q3j4", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/chattermate/chattermate.chat/security/advisories/GHSA-72p3-w95w-q3j4"}, {"name": "https://github.com/chattermate/chattermate.chat/commit/ff3398031abb97ae28546eaf993fed3619eaffdd", "tags": ["x_refsource_MISC"], "url": "https://github.com/chattermate/chattermate.chat/commit/ff3398031abb97ae28546eaf993fed3619eaffdd"}, {"name": "https://github.com/chattermate/chattermate.chat/releases/tag/v1.0.9", "tags": ["x_refsource_MISC"], "url": "https://github.com/chattermate/chattermate.chat/releases/tag/v1.0.9"}], "affected": [{"vendor": "chattermate", "product": "chattermate.chat", "versions": [{"version": "< 1.0.9", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-01-24T00:05:37.246Z"}, "descriptions": [{"lang": "en", "value": "ChatterMate is a no-code AI chatbot agent framework. In versions 1.0.8 and below, the chatbot accepts and executes malicious HTML/JavaScript payloads when supplied as chat input. Specifically, an <iframe> payload containing a javascript: URI can be processed and executed in the browser context. This allows access to sensitive client-side data such as localStorage tokens and cookies, resulting in client-side injection. This issue has been fixed in version 1.0.9."}], "source": {"advisory": "GHSA-72p3-w95w-q3j4", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-26T16:15:51.831434Z", "id": "CVE-2026-24399", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-26T16:17:53.948Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-24399", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-01-22T18:19:49.172Z", "datePublished": "2026-01-24T00:05:37.246Z", "dateUpdated": "2026-01-26T16:17:53.948Z"}, "containers": {"cna": {"title": "ChatterMate has Stored Cross-Site Scripting (XSS) via Chatbot Input Execution", "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "lang": "en", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/chattermate/chattermate.chat/security/advisories/GHSA-72p3-w95w-q3j4", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/chattermate/chattermate.chat/security/advisories/GHSA-72p3-w95w-q3j4"}, {"name": "https://github.com/chattermate/chattermate.chat/commit/ff3398031abb97ae28546eaf993fed3619eaffdd", "tags": ["x_refsource_MISC"], "url": "https://github.com/chattermate/chattermate.chat/commit/ff3398031abb97ae28546eaf993fed3619eaffdd"}, {"name": "https://github.com/chattermate/chattermate.chat/releases/tag/v1.0.9", "tags": ["x_refsource_MISC"], "url": "https://github.com/chattermate/chattermate.chat/releases/tag/v1.0.9"}], "affected": [{"vendor": "chattermate", "product": "chattermate.chat", "versions": [{"version": "< 1.0.9", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-01-24T00:05:37.246Z"}, "descriptions": [{"lang": "en", "value": "ChatterMate is a no-code AI chatbot agent framework. In versions 1.0.8 and below, the chatbot accepts and executes malicious HTML/JavaScript payloads when supplied as chat input. Specifically, an <iframe> payload containing a javascript: URI can be processed and executed in the browser context. This allows access to sensitive client-side data such as localStorage tokens and cookies, resulting in client-side injection. This issue has been fixed in version 1.0.9."}], "source": {"advisory": "GHSA-72p3-w95w-q3j4", "discovery": "UNKNOWN"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-24399", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-01-26T16:15:51.831434Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-26T16:15:52.860Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:chattermate:chattermate:*:*:*:*:*:*:*:*", "matchCriteriaId": "0A56F451-616D-4BCC-8D6D-BFC3D82FB697", "versionEndExcluding": "1.0.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "ChatterMate is a no-code AI chatbot agent framework. In versions 1.0.8 and below, the chatbot accepts and executes malicious HTML/JavaScript payloads when supplied as chat input. Specifically, an <iframe> payload containing a javascript: URI can be processed and executed in the browser context. This allows access to sensitive client-side data such as localStorage tokens and cookies, resulting in client-side injection. This issue has been fixed in version 1.0.9."}], "id": "CVE-2026-24399", "lastModified": "2026-02-12T16:05:57.580", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.8, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-01-24T01:15:50.393", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/chattermate/chattermate.chat/commit/ff3398031abb97ae28546eaf993fed3619eaffdd"}, {"source": "security-advisories@github.com", "tags": ["Product", "Release Notes"], "url": "https://github.com/chattermate/chattermate.chat/releases/tag/v1.0.9"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/chattermate/chattermate.chat/security/advisories/GHSA-72p3-w95w-q3j4"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T03:02:03.411522+00:00", "value": {"mitigation_remediation": ["Upgrade ChatterMate.chat to version\u202f1.0.9 or later, which removes the injection vector.", "If an upgrade cannot be performed immediately, remove or escape all <iframe> tags and javascript: URIs from user chat input before rendering them in the browser.", "Implement a strict input validation policy to allow only safe HTML elements and attributes, ensuring that no executable scripts can be injected through the chatbot interface."], "summary": {"action": "Immediate Patch", "impact": "Client-side data theft via XSS"}, "threat_synthesis": {"affected_systems": "Users of the ChatterMate.chat framework running version 1.0.8 or older are affected. The flaw exists in the open\u2011source implementation hosted on GitHub, and version 1.0.9 and later contain the fix.", "description_and_impact": "The vulnerability is a stored cross\u2011site scripting flaw in ChatterMate.chat that allows an attacker to inject and execute malicious HTML and JavaScript payloads through chatbot input. The flaw specifically processes <iframe> tags containing javascript: URIs, which are executed in the victim\u2019s browser. As the payload runs with the page\u2019s privileges, an attacker can read client\u2011side storage such as localStorage and cookies, potentially exposing authentication tokens or personal data. The weakness is a typical input validation issue classified as CWE\u201179.", "risk_and_exploitability": "With a CVSS score of 9.3 the vulnerability is considered high\u2011severity. The EPSS probability is less than 1\u202f%, indicating a low likelihood of exploitation at present, and the issue is not listed in the CISA KEV catalog. The likely attack vector is a user who can send arbitrary chat input to a deployed instance of the framework; if that instance is publicly reachable, any visitor could target the browser session. Once exploited, the attacker gains client\u2011side execution, enabling theft of tokens, cookies, and other sensitive data stored locally."}}}}, "created": "2026-01-26T11:48:52.131879+00:00", "updated": "2026-04-18T03:15:35.424923+00:00", "vendors": ["chattermate", "chattermate$PRODUCT$chattermate.chat"]}