Discussion

Sergio Medeiros

Vulnerability Operations @ Synack. InfoSec's Village Idiot. Documenting my journey of pivoting out of a decade long sales career to breaking

Sep 20, 2025

CVE-2025-57203: Stored XSS in MagicAI 9.1 (AI Chat) Enables Arbitrary JavaScript Execution

Discovered by: Michael Kim & Sergio MedeirosVendor: LiquidThemesProduct: MagicAI (a.k.a. MagicProject AI)Affected version: 9.1 (other versions untested)Impact: Arbitrary JavaScript execution in users’ browsers (stored XSS)Attack type: Authenticated r...

grumpz.net7 min read

#cve #bugbounty #hacking #cybersecurity-1 #cybersecurity #hacker #penetration-testing #bugs-and-errors #xss #php #developer

Responses

No responses yet.

Search Hashnode

CVE-2025-57203: Stored XSS in MagicAI 9.1 (AI Chat) Enables Arbitrary JavaScript Execution

Responses

Recent in Forum