Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
A blind self XSS vulnerability exists in RocketChat LiveChat <v1.9 that could allow an attacker to trick a victim pasting malicious code in their chat instance.
Advisories for Npm/@Rocket.chat/Livechat package
2022