漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Stored Cross-Site Scripting (XSS) in netease-youdao/QAnything
Vulnerability Description
A stored Cross-Site Scripting (XSS) vulnerability exists in netease-youdao/QAnything. Attackers can upload malicious knowledge files to the knowledge base, which can trigger XSS attacks during user chats. This vulnerability affects all versions prior to the fix.
CVSS Information
N/A
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
NetEase QAnything 跨站脚本漏洞
Vulnerability Description
NetEase QAnything是中国网易(NetEase)公司的致力于支持任意格式文件或数据库的本地知识库问答系统,可断网安装使用。 NetEase QAnything存在跨站脚本漏洞。攻击者利用该漏洞可以上传恶意知识文件,在用户聊天时触发XSS攻击。
CVSS Information
N/A
Vulnerability Type
N/A