Shared Messaging

Chat App

The room feed renders raw message HTML and accidentally shows messages from other rooms in the default view.

CWE-79CWE-200
Back to hub Reload scenario

Expected Findings

  • Stored XSS via message content.
  • Cross-room message leakage in the default feed.

Signals

Validation
if (message.length > 0) send(message)
Developed by vibe-eval.com for validation and testing purposes only.