CVE-2026-39964: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in baptisteArno typebot.io
TypeBot is a chatbot builder tool. In versions prior to 3.16.0, the Typebot viewer (packages/embeds/js) renders anchor tags from rich text bubble content without filtering the javascript: URI scheme. A bot author can set a link URL to javascript:PAYLOAD, which executes in the visitor's browser context when clicked. Since the viewer is typically embedded in a third-party site, the attacker's JavaScript runs in the host page's origin and can exfiltrate cookies and session tokens. This can result in any authenticated Typebot user (including those on the free tier) being able to create a bot with this payload. Shared bots are publicly accessible — no victim authentication is required. This issue has been resolved in version 3.16.0.
AI Analysis
Technical Summary
TypeBot, a chatbot builder tool, had a vulnerability (CVE-2026-39964) in versions before 3.16.0 where the viewer component rendered anchor tags containing javascript: URIs without filtering. This improper neutralization of input (CWE-79) enables cross-site scripting attacks when a bot author inserts a link with a javascript: payload. The malicious script executes in the context of the host page embedding the viewer, allowing theft of cookies and session tokens. The vulnerability affects authenticated users who can create bots and publicly shared bots accessible without authentication. The issue is fixed in version 3.16.0.
Potential Impact
Exploitation of this vulnerability allows execution of arbitrary JavaScript in the context of the host page embedding the Typebot viewer. This can lead to theft of cookies and session tokens, potentially compromising user sessions. Since shared bots are publicly accessible, victims do not need to authenticate to be targeted. The vulnerability affects authenticated Typebot users who can create bots with malicious payloads. The CVSS score is 5.4 (medium severity), reflecting limited scope and required user interaction (clicking the malicious link).
Mitigation Recommendations
This vulnerability has been resolved in TypeBot version 3.16.0. Users and administrators should upgrade to version 3.16.0 or later to remediate this issue. No additional mitigation steps are indicated in the vendor advisory or source data.
CVE-2026-39964: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in baptisteArno typebot.io
Description
TypeBot is a chatbot builder tool. In versions prior to 3.16.0, the Typebot viewer (packages/embeds/js) renders anchor tags from rich text bubble content without filtering the javascript: URI scheme. A bot author can set a link URL to javascript:PAYLOAD, which executes in the visitor's browser context when clicked. Since the viewer is typically embedded in a third-party site, the attacker's JavaScript runs in the host page's origin and can exfiltrate cookies and session tokens. This can result in any authenticated Typebot user (including those on the free tier) being able to create a bot with this payload. Shared bots are publicly accessible — no victim authentication is required. This issue has been resolved in version 3.16.0.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
TypeBot, a chatbot builder tool, had a vulnerability (CVE-2026-39964) in versions before 3.16.0 where the viewer component rendered anchor tags containing javascript: URIs without filtering. This improper neutralization of input (CWE-79) enables cross-site scripting attacks when a bot author inserts a link with a javascript: payload. The malicious script executes in the context of the host page embedding the viewer, allowing theft of cookies and session tokens. The vulnerability affects authenticated users who can create bots and publicly shared bots accessible without authentication. The issue is fixed in version 3.16.0.
Potential Impact
Exploitation of this vulnerability allows execution of arbitrary JavaScript in the context of the host page embedding the Typebot viewer. This can lead to theft of cookies and session tokens, potentially compromising user sessions. Since shared bots are publicly accessible, victims do not need to authenticate to be targeted. The vulnerability affects authenticated Typebot users who can create bots with malicious payloads. The CVSS score is 5.4 (medium severity), reflecting limited scope and required user interaction (clicking the malicious link).
Mitigation Recommendations
This vulnerability has been resolved in TypeBot version 3.16.0. Users and administrators should upgrade to version 3.16.0 or later to remediate this issue. No additional mitigation steps are indicated in the vendor advisory or source data.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-04-08T00:01:47.627Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a109994e1370fbb482dd156
Added to database: 5/22/2026, 5:59:48 PM
Last enriched: 5/22/2026, 6:15:04 PM
Last updated: 5/23/2026, 5:29:23 PM
Views: 12
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.