Improper Filtering of Special Characters in Chain Sea AI Chatbot Backend URL Parameters Allows for Remote XSS Attack

Improper Filtering of Special Characters in Chain Sea AI Chatbot Backend URL Parameters Allows for Remote XSS Attack

CVE-2021-44163 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Chain Sea ai chatbot backend has improper filtering of special characters in URL parameters, which allows a remote attacker to perform JavaScript injection for XSS (reflected Cross-site scripting) attack without authentication.

Learn more about our Web Application Penetration Testing UK.