Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cross-site Scripting via Discourse-ai SharedAiConversation onebox in Discourse
Vulnerability Description
Discourse AI is a Discourse plugin which provides a number of AI features. When sharing Discourse AI Bot conversations into posts, if the conversation had HTML entities those could leak into the Discourse application when a user visited a post with a onebox to said conversation. This issue has been addressed in commit `92f122c`. Users are advised to update. Users unable to update may remove all groups from `ai bot public sharing allowed groups` site setting.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Discourse AI 跨站脚本漏洞
Vulnerability Description
Discourse AI是Discourse开源的一个 AI 插件。 Discourse AI存在跨站脚本漏洞,该漏洞源于当将Discourse AI Bot对话分享到帖子中时,如果对话中有HTML实体,当用户使用一个对话框访问帖子时,这些实体可能会泄露到Discourse应用程序中。
CVSS Information
N/A
Vulnerability Type
N/A