Critical Vulnerability Information Vulnerability Title Stored Cross-Site Scripting (XSS) in Oct8ne Chatbot Release Date 2025-10-08 Vulnerability Identifier INCIBE-2025-0548 Severity 3 - Medium Affected Resources Chatbot v2.3 Description INCIBE has coordinated the release of a medium-severity vulnerability announcement for Oct8ne Chatbot, a solution designed for online stores (e-commerce) and customer service. The vulnerability was discovered by Javier Hernández and José Manuel Jerónimo. This vulnerability has been assigned the following code: CVSS v4.0 Base Score: 5.3 CVSS Vector: AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/Sf:L/SA:N CWE Type: CWE-79 Solution The vulnerability has been fixed by the Oct8ne team in the latest version. Details CVE-2025-10869: Stored Cross-Site Scripting (XSS) in Oct8ne Chatbot v2.3. This vulnerability allows an attacker to execute JavaScript code in the victim’s browser by creating a transcript sent via email. The vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user. CVE Information Reference Links Octane chatbot