{"data":{"id":"96d1f9d6-2186-43da-9cbd-aabe0e1014c5","title":"CVE-2025-65098: Typebot is an open-source chatbot builder. In versions prior to 3.13.2, client-side script execution in Typebot allows s","summary":"Typebot, an open-source chatbot builder, has a vulnerability in versions before 3.13.2 in which a malicious chatbot can execute JavaScript (code that runs in a user's browser) to steal stored credentials such as OpenAI API keys and passwords. The underlying cause is that an API endpoint returns credentials in plaintext without verifying that the requester owns them.","solution":"Update to Typebot version 3.13.2 or later; version 3.13.2 fixes the issue.","labels":["security","privacy"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-65098","publishedAt":"2026-01-22T20:16:48.370Z","cveId":"CVE-2025-65098","cweIds":["CWE-79","CWE-200","CWE-284","CWE-311","CWE-522","CWE-639","CWE-862","CWE-79","CWE-522"],"cvssScore":"7.4","cvssSeverity":"high","severity":"high","attackType":["data_extraction","pii_leakage"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["OpenAI"],"affectedVendorsRaw":["Typebot","OpenAI","Google Sheets","SMTP"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00028,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-116","CAPEC-122","CAPEC-198","CAPEC-86"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}