This vulnerability in AtomChat versions up to 1.1.8 is a stored cross-site scripting (XSS) issue caused by improper neutralization of input during web page generation. An attacker can inject malicious scripts that are stored on the server and executed when other users access the affected content. The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L) reflects network attack vector, low attack complexity, requiring low privileges and user interaction, with scope changed and low impact on confidentiality, integrity, and availability. No patch or vendor advisory is provided in the data, and no known exploits have been observed.

Successful exploitation allows an attacker to execute arbitrary scripts in the context of other users, potentially leading to theft of sensitive information, session hijacking, or other malicious actions affecting confidentiality, integrity, and availability. The impact is rated medium severity with limited but meaningful consequences.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should consider applying input validation and output encoding controls where possible. Monitor vendor channels for updates and apply patches promptly once released.