Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Stored XSS in stangirard/quivr
Vulnerability Description
A stored cross-site scripting (XSS) vulnerability exists in the 'Upload Knowledge' feature of stangirard/quivr, affecting the latest version. Users can upload files via URL, which allows the insertion of malicious JavaScript payloads. These payloads are stored on the server and executed whenever any user clicks on a link containing the payload, leading to potential data theft, session hijacking, and reputation damage.
CVSS Information
N/A
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Quivr 跨站脚本漏洞
Vulnerability Description
Quivr是Quivr开源的一个人工智能应用程序。 Quivr 存在跨站脚本漏洞,该漏洞源于 Upload Knowledge 功能存在存储型跨站点脚本 (XSS) 漏洞。攻击者利用该漏洞可以通过 URL 上传文件,从而允许插入恶意 JavaScript 代码。
CVSS Information
N/A
Vulnerability Type
N/A