Vulnerability Details CVE-2025-63639
The chat feature in the application Sourcecodester FAQ Bot with AI Assistant v1.0 is vulnerable to Cross-Site Scripting (XSS) due to improper handling of user-supplied input. An attacker can inject malicious HTML or JavaScript into chat messages, which executes in the browser of any user viewing the conversation.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 8.3%
CVSS Severity
CVSS v3 Score 6.1
References
Products affected by CVE-2025-63639
-
cpe:2.3:a:remyandrade:faq_bot_with_ai_assistant:1.0