Description
touchbase.ai before version 2.0 is vulnerable to Cross-Site Scripting. The vulnerability allows an attacker to inject HTML payloads which could result in defacement, user redirection to a malicious webpage/website etc. The issue is patched in version 2.0.
Exploits (1)
exploitdb
WORKING POC
by Simran Sankhala · textwebappsmultiple
https://www.exploit-db.com/exploits/49040
Scores
CVSS v3
8.0
EPSS
0.0299
EPSS Percentile
86.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
Details
CWE
CWE-80
CWE-79
Status
published
Products (1)
touchbase.ai_project/touchbase.ai
< 2.0
Published
Nov 11, 2020
Tracked Since
Feb 18, 2026