What is CVE-2026-30048?

CVE-2026-30048 is a vulnerability in N/a. Published 2026-03-18.

Is CVE-2026-30048 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2026-30048

A stored cross-site scripting (XSS) vulnerability exists in the NotChatbot WebChat widget thru 1.4.4. User-supplied input is not properly sanitized before being stored and rendered in the chat conversation history. This allows an attacker…

EPSS: 0.000 (2.4th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

0xN4no/CVE-2026-30048

References

www.npmjs.com/package/@developer.notchatbot/webchat
app.unpkg.com/@developer.notchatbot/webchat@1.4.4
gist.github.com/0xN4no/0601f398942a29259d217ea650f694fe
github.com/0xN4no/CVE-2026-30048

Frequently asked questions

What is CVE-2026-30048?: CVE-2026-30048 is a vulnerability in N/a. Published 2026-03-18.
Is CVE-2026-30048 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.