Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Stored XSS in gaizhenbiao/chuanhuchatgpt
Vulnerability Description
A Stored Cross-Site Scripting (XSS) vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410. This vulnerability allows an attacker to inject malicious JavaScript code into the chat history file. When a victim uploads this file, the malicious script is executed in the victim's browser. This can lead to user data theft, session hijacking, malware distribution, and phishing attacks.
CVSS Information
N/A
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
ChuanhuChatGPT 跨站脚本漏洞
Vulnerability Description
ChuanhuChatGPT是为ChatGPT/ChatGLM/LLaMA/StableLM/MOSS等多种LLM提供了一个轻快好用的Web图形界面。 ChuanhuChatGPT 20240410版本存在跨站脚本漏洞,该漏洞源于允许攻击者将恶意JavaScript代码注入聊天记录文件,从而会导致窃取用户数据、劫持会话、分发恶意软件和网络钓鱼攻击。
CVSS Information
N/A
Vulnerability Type
N/A