Package impact
NPM / @typebot.io/js
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-39964 | medium | 5.4 | 5.4 | 7d ago | Typebot.io has stored XSS via `javascript`: URI in text bubble links — bot author executes JS on visitors' browsers |
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-39964 | medium | 5.4 | 5.4 | 7d ago | Typebot.io has stored XSS via `javascript`: URI in text bubble links — bot author executes JS on visitors' browsers |