We used chatbot code from IBM, and it was instantly vulnerable to XSS attacks

github.com

3 points by ftreml 5 years ago · 3 comments

lumpa 5 years ago

The repo reads like research code, and indeed seems to be an article's companion code plus platform example code. The code in question was committed in 2018 and never touched again.

That's no excuse, it pretty literally does "innerhtml = user_input" and it's awful. But it's not a flagship chatbot library from what I see, which probably lessens the impact of such awfulness.
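The "innerhtml = user_input" pattern named in the comment above, shown beside two hardened forms. This is an added example, not part of the comment and not code from the repository under discussion; every name in it (`escapeHtml`, `renderUnsafe`, `renderSafe`, `appendMessage`, `introducesMarkup`, the `chat-msg` class) is hypothetical and the sample message is constructed.

```javascript
// Added example. Not the repository's code; all names here are hypothetical.

// Characters that change meaning in HTML text or quoted-attribute context.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// The pattern the comment describes: user input concatenated into markup that
// is then assigned to innerHTML, so any tag in the input becomes live DOM.
function renderUnsafe(userInput) {
  return '<div class="chat-msg">' + userInput + '</div>';
}

// Hardened string form: the input is encoded before it reaches markup.
function renderSafe(userInput) {
  return '<div class="chat-msg">' + escapeHtml(userInput) + '</div>';
}

// Preferred DOM form in a browser: never parse user input as HTML at all.
function appendMessage(container, userInput) {
  const bubble = container.ownerDocument.createElement('div');
  bubble.className = 'chat-msg';
  bubble.textContent = userInput; // stored as text, not parsed as markup
  container.appendChild(bubble);
  return bubble;
}

// True if the fragment's body contains a tag opener the wrapper did not add.
function introducesMarkup(fragment) {
  const inner = fragment
    .replace(/^<div class="chat-msg">/, '')
    .replace(/<\/div>$/, '');
  return /<[a-zA-Z!\/]/.test(inner);
}

// Constructed sample input: a chat message that carries markup.
const sample = '<img src=x onerror="alert(1)">';

console.log('unsafe introduces markup:', introducesMarkup(renderUnsafe(sample)));
console.log('safe introduces markup:  ', introducesMarkup(renderSafe(sample)));
console.log(renderSafe(sample));
```
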

ftreml (OP) 5 years ago

I wrote about security threats for chatbots

https://floriantreml.medium.com/security-threats-and-securit...
