September 17, 2025 // Vulnerability | #Reflected XSS #LLM Security #Input Sanitization

Yellow.ai’s Own Chatbot Got Tricked Into Generating Malicious Code, Reports - CX Today

Researchers discovered a reflected Cross-Site Scripting (XSS) vulnerability in Yellow.ai's chatbot, which could be tricked into generating malicious HTML/JavaScript code. This flaw enabled attackers to steal support agent session cookies, potentially leading to account hijacking and data exfiltration from customer support platforms.

Source: Original Report ↗
← Back to Feed