How We Discovered a Stored HTML Injection in a Chatbot System
Testing found that the AI chatbot on pyng.co.in has a stored HTML injection vulnerability: HTML tags entered as input are rendered directly without being filtered. Despite trying multiple payloads, JavaScript execution was restricted. 2025-7-27 04:35:48 Author: infosecwriteups.com

While exploring the AI chatbot feature of pyng.co.in, we noticed an input field where users could send messages. At first, it seemed harmless — but our curiosity nudged us to test how it handled raw HTML.

We entered the following simple HTML tag as our message:

<h1>Hello from Het & Kaif</h1>

To our surprise, when the chat history was loaded on page refresh or revisit, the message was rendered exactly as HTML — not escaped, not sanitized.
This confirmed a stored HTML injection — the HTML was being stored server-side and rendered client-side without any filtering.

We also tried several other payloads to confirm the injection:

<b style="color:red">XSS</b>
<i onclick="alert('XSS')">Click me</i>
<div style="background:red;padding:10px">Injected DIV</div>

However, JavaScript execution was fully blocked: despite attempting multiple payloads and bypass techniques, we were unable to get any script to execute.
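To make the mechanism described above concrete (stored server-side, rendered client-side without escaping) and to show the fix, here is an added example in JavaScript. It is not code from pyng.co.in or from the original write-up; the chat history, the renderer functions, the escape table and the triage check are all constructed for this demonstration. The unsafe renderer concatenates stored text into markup, which is what an innerHTML-style render does in the browser; the safe one applies output encoding so the same stored strings display as literal text.

```javascript
// Added example (not code from pyng.co.in or the original write-up): why
// storing raw chat text and rendering it via markup concatenation yields a
// stored HTML injection, and how output encoding at render time fixes it.
// All names, the message store and the sample payloads are constructed.

// Constructed chat history: what a server would hand back on page refresh.
const STORED_MESSAGES = [
  "Hi, can you help me with my order?",
  "<h1>Hello from Het & Kaif</h1>",
  '<b style="color:red">XSS</b>',
  "<i onclick=\"alert('XSS')\">Click me</i>",
  '<div style="background:red;padding:10px">Injected DIV</div>',
];

// Vulnerable renderer: the stored text is dropped straight into markup, the
// same thing `el.innerHTML = text` does in a browser. Any tag the user stored
// is parsed as HTML again on every page load, which is the stored injection.
function renderMessageUnsafe(text) {
  return '<div class="msg">' + text + "</div>";
}

// Output encoding: the five characters that can change HTML context.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Safe renderer: the stored string is treated as data, so the browser shows
// the literal characters "<h1>..." instead of a heading. In a live page the
// equivalent is `el.textContent = text`, which needs no manual escaping.
function renderMessageSafe(text) {
  return '<div class="msg">' + escapeHtml(text) + "</div>";
}

// Defender-side triage: find stored messages that already contain markup so
// a team can locate injected history after the renderer has been fixed.
const TAG_PATTERN = /<\s*\/?\s*[a-z][a-z0-9-]*[^>]*>/i;

function findMarkupInHistory(messages) {
  return messages
    .map((text, index) => ({ index, text }))
    .filter(({ text }) => TAG_PATTERN.test(text));
}

// Does the rendered output still contain a live tag inside the wrapper div?
function leaksTag(rendered) {
  const inner = rendered.slice('<div class="msg">'.length, -"</div>".length);
  return TAG_PATTERN.test(inner);
}

// Stand-alone demo (skipped when imported as a module).
if (typeof require !== "undefined" && require.main === module) {
  for (const m of STORED_MESSAGES) {
    console.log("unsafe:", renderMessageUnsafe(m));
    console.log("safe:  ", renderMessageSafe(m));
  }
  const flagged = findMarkupInHistory(STORED_MESSAGES).map((r) => r.index);
  console.log("stored messages containing markup:", flagged);
}
```

Note that escaping at render time is the fix that matters: rejecting angle brackets on input would also have stopped these payloads, but input filtering is easy to miss in one code path and the stored history is already in the database, so the triage check above is the kind of sweep a defender runs after deploying the safe renderer.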


Source: https://infosecwriteups.com/how-we-discovered-a-stored-html-injection-in-a-chatbot-system-%EF%B8%8F-6cbefe8b0718?source=rss----7b722bfd1b8d---4