Lenovo chatbot vulnerability exposes session data and risks.
Researchers found Lenovo’s AI chatbot, Lena, can be tricked into running unauthorized scripts and leaking session cookies through XSS vulnerabilities. A single crafted prompt exploited multiple flaws, allowing attackers to steal cookies and potentially access customer support systems. The issue stems from weak input/output sanitization and unchecked chatbot outputs, exposing Lenovo to serious security risks. Lenovo has acknowledged the problem and taken steps to secure its systems.
Read more:
https://cybernews.com/security/lenovo-chatbot-lena-plagued-by-critical-vulnerabilities/