Date: 2025-09-16
Vulnerability Management, AI/ML
Yellow.ai chatbot vulnerability puts cookies at risk
Agentic artificial intelligence platform Yellow.ai's customer service chatbot, which is used by Sony, Domino's, and Hyundai, has been impacted by a reflected cross-site scripting flaw, which could be exploited to compromise session cookies and take over accounts, Cybernews reports.

Intrusions involving the vulnerability could be conducted by providing a nefarious prompt that would generate an HTML answer containing hidden instructions for arbitrary code execution, followed by the execution of a malicious payload and the delivery of a user's session cookies, according to Cybernews researchers.

In a subsequent conversation with a human support agent, attackers could execute the previously generated HTML code to pilfer cookies that would eventually result in the breach of Yellow.ai's customer support systems, researchers added.

Such findings follow recent discoveries of vulnerabilities impacting other AI chatbots, including Lenovo's Lena customer service assistant, which was found to be affected by another XSS bug.
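The report describes chatbot-generated HTML being rendered later in a human agent's view. The following is an added defensive example, not Yellow.ai's code or anything from the Cybernews report: it treats model output as untrusted text when building that view and sets cookie attributes that limit what a stray script can read. The `{role, text}` message shape, the function names and the sample conversation are assumptions made for illustration.

```javascript
// Added example (not vendor code). Message shape {role, text} is assumed.
const ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode every HTML metacharacter so model output is displayed, never parsed.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Heuristic used for alerting only; the escaping above is the actual control.
const ACTIVE_MARKUP = /<\s*\/?\s*[a-z][^>]*>|\bon[a-z]+\s*=|javascript:/i;

// Build the agent-console view of a conversation and report which
// messages carried markup, so they can be logged and reviewed.
function renderTranscript(messages) {
  const flagged = [];
  const rows = messages.map((m, i) => {
    if (ACTIVE_MARKUP.test(m.text)) flagged.push(i);
    const role = m.role === "bot" ? "bot" : "user"; // allowlist the class name
    return `<div class="msg ${role}">${escapeHtml(m.text)}</div>`;
  });
  return { html: rows.join("\n"), flagged };
}

// Session cookie attributes that limit the impact of any script that does run:
// HttpOnly hides the cookie from document.cookie; Secure and SameSite narrow its use.
function sessionCookie(name, value) {
  return `${name}=${encodeURIComponent(value)}; Path=/; HttpOnly; Secure; SameSite=Strict`;
}

// Constructed sample conversation; the markup is an inert placeholder.
const sample = [
  { role: "user", text: "Where is my order?" },
  { role: "bot", text: 'Status: <script>/* constructed placeholder */</script> & "pending"' },
];

const result = renderTranscript(sample);
console.log(result.html);
console.log("flagged message indexes:", result.flagged);
console.log(sessionCookie("sid", "constructed-value"));
```

Output encoding is the control here; the markup heuristic only feeds logging, since pattern matching alone is easy to miss cases with.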