Impact
LangBot, a global IM bot platform for large language models, stores and displays user‑supplied content in its web UI without proper sanitization. Prior to version 4.8.7, raw HTML embedded in that content is rendered by the rehypeRaw plugin, allowing a malicious user to inject arbitrary scripts into the page. This is a cross‑site scripting vulnerability: an attacker's script runs in the browser of any authenticated or unauthenticated user who views the affected page, which can lead to theft of session tokens, defacement, or other browser‑based attacks. The weakness aligns with CWE‑79, improper neutralization of input during web page generation (cross‑site scripting).
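The rehype-raw pattern described above, shown as an added example rather than LangBot's own code: a react-markdown component that passes raw HTML through, beside a hardened version that runs rehype-sanitize after it. The component and prop names are assumptions about how such a renderer is typically wired; the page does not show LangBot's actual component.

```jsx
// Added example, not LangBot's code. Assumes a React UI rendering
// user-supplied markdown with react-markdown plus the rehype-raw plugin.
import ReactMarkdown from "react-markdown";
import rehypeRaw from "rehype-raw";
import rehypeSanitize from "rehype-sanitize";

// VULNERABLE wiring (assumed component name): rehype-raw turns raw HTML in
// the markdown into real DOM nodes, so a tag with an event handler or an
// inline <script> in a stored message executes in every viewer's browser.
export function MessageBodyUnsafe({ content }) {
  return <ReactMarkdown rehypePlugins={[rehypeRaw]}>{content}</ReactMarkdown>;
}

// HARDENED wiring: keep rehype-raw so benign inline HTML still works, but
// run rehype-sanitize AFTER it. Order matters: sanitize must operate on the
// tree that rehype-raw produced, otherwise the raw HTML is never inspected.
// rehype-sanitize's default schema drops script elements, on* handlers and
// javascript: URLs; pass a custom schema only to extend it deliberately.
export function MessageBody({ content }) {
  return (
    <ReactMarkdown rehypePlugins={[rehypeRaw, rehypeSanitize]}>
      {content}
    </ReactMarkdown>
  );
}

// Simplest option when raw HTML is not needed at all: omit rehype-raw.
// Without it, react-markdown does not turn HTML in the input into live
// elements, so there is nothing for rehype-sanitize to strip.
export function MessageBodyNoHtml({ content }) {
  return <ReactMarkdown>{content}</ReactMarkdown>;
}
```

A regression test that renders a message containing an inline event handler through MessageBody and asserts the handler attribute is absent from the output catches the plugin order being reversed in a later refactor.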
Affected Systems
The vulnerability affects all installations of LangBot running a version earlier than 4.8.7. The affected product is LangBot from the vendor langbot-app. No narrower version ranges are listed beyond the 4.8.7 cutoff, so every deployment prior to that release is considered vulnerable.
Risk and Exploitability
The CVSS score of 6.3 indicates a moderate severity rating, and the EPSS score of less than 1% suggests the probability of exploitation is currently low. The vulnerability is not listed in the CISA KEV catalog, which implies that widespread exploitation in the wild has not been observed. Attackers would likely inject a malicious HTML payload via any input field whose content the bot platform renders, and the injected script would execute in the context of the viewing user's browser. Because the vulnerability is limited to client‑side script execution and grants no additional privileges on the server, the impact is confined to user session compromise rather than full system compromise.
OpenCVE Enrichment