How We Discovered a Stored HTML Injection in a Chatbot System
Summary
Redacted.co.in, an AI-driven platform facilitating connections between users and verified experts, has been found to have a stored HTML injection vulnerability.
This flaw enables users to inject HTML into a target system, which is then stored in the application’s database and subsequently rendered onto a page.
It can lead to page defacements, phishing attacks or cross-site scripting (XSS) vulnerabilities, which could allow an attacker to inject malicious scripts, potentially accessing sensitive information or taking control of the affected system.
The discovery was made by cybersecurity researchers who engaged the platform’s chatbot in a benign test, injecting some simple HTML.
However, further manipulation of the HTML did not lead to JavaScript execution, as script was fully disabled.
Responsible disclosure practices were followed, but the vendor deemed the report a duplicate, acknowledging prior awareness of the vulnerability.
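
The gap described above, where script is disabled but stored markup still renders, is shown in this added example, which is not code from the original write-up or the platform. A hypothetical script-only filter (`stripScripts`) is compared with output encoding, and `findStoredMarkup` flags rows that are already stored. All function names and sample rows are constructed for illustration.

```javascript
// Added example: function names and sample rows are constructed, not the platform's code.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode every character that can open a tag, attribute value or entity.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: stored text is concatenated into the page as markup.
function renderUnsafe(message) {
  return `<div class="chat-msg">${message}</div>`;
}

// Hardened pattern: stored text is encoded at output time, so it displays as text.
function renderSafe(message) {
  return `<div class="chat-msg">${escapeHtml(message)}</div>`;
}

// Hypothetical script-only filter, standing in for "script was fully disabled".
// It removes <script> blocks and inline event handlers but leaves other tags.
function stripScripts(message) {
  return message
    .replace(/<script\b[^>]*>[\s\S]*?<\/script\s*>/gi, "")
    .replace(/\son\w+\s*=\s*("[^"]*"|'[^']*'|[^\s>]+)/gi, "");
}

// Audit helper: return ids of already-stored rows that contain tag-like content.
function findStoredMarkup(rows) {
  const tagLike = /<\/?[a-z][^>]*>/i;
  return rows.filter((r) => tagLike.test(r.text)).map((r) => r.id);
}

// Constructed sample rows, as they might sit in a chat-history table.
const storedRows = [
  { id: 1, text: "How do I reach an expert?" },
  { id: 2, text: "<h1>Site notice</h1>" },
  { id: 3, text: 'Is 3 < 5 & 5 > 3? <a href="https://example.invalid/">link</a>' },
];

for (const row of storedRows) {
  console.log(row.id, "filtered:", renderUnsafe(stripScripts(row.text)));
  console.log(row.id, "encoded: ", renderSafe(row.text));
}
console.log("rows needing review:", findStoredMarkup(storedRows));
```

Encoding at output time leaves stored data untouched, so the audit helper can still locate earlier submissions for cleanup.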