VYPR
Medium severity 5.4 · NVD Advisory · Published Oct 16, 2025 · Updated Apr 15, 2026

CVE-2025-53858


Description

ChatLuck contains a cross-site scripting vulnerability in Chat Rooms. If exploited, an arbitrary script may be executed on the web browser of the user who is accessing the product.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

ChatLuck V6.6 R2.0 and earlier has an XSS vulnerability in Chat Rooms, allowing authenticated attackers to execute arbitrary scripts in users' browsers.

The vulnerability is a cross-site scripting (XSS) issue in the Chat Rooms feature of ChatLuck. Insufficient input sanitization allows an attacker to inject malicious scripts that are executed when other users access the chat room [1][2].

An attacker must have a low-privileged account (e.g., a regular user) and rely on user interaction (e.g., viewing the chat room) to trigger the script. The CVSS v3 vector (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N) reflects these requirements [2].

Successful exploitation leads to arbitrary script execution in the victim's browser, potentially enabling session hijacking, defacement, or theft of sensitive data [2].

The developer has released ChatLuck V6.7 R1.0, which fixes this vulnerability. Users are advised to update their installations promptly [1][2].

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.


References

2
