Description
The chat feature in the application Sourcecodester FAQ Bot with AI Assistant v1.0 is vulnerable to Cross-Site Scripting (XSS) due to improper handling of user-supplied input. An attacker can inject malicious HTML or JavaScript into chat messages, which executes in the browser of any user viewing the conversation.
References
www.sourcecodester.com/...ss-and-javascript-source-code.html
github.com/...ty-Research/blob/main/CVE-2025-63639/README.md
