XSS in Baptistearno Typebot.io

CVE-2026-39970

TypeBot is a chatbot builder tool. Versions 3.15.2 and prior contain a critical stored XSS vulnerability in the app.typebot.io profile picture upload form. The application fails to sanitize or restrict SVG/XML-based uploads and directly re…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.001 (16.7th percentile)

Affected products

Weakness classification (CWE)

References