Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Stored Cross-Site Scripting (XSS) in netease-youdao/QAnything
Vulnerability Description
A stored Cross-Site Scripting (XSS) vulnerability exists in netease-youdao/QAnything. Attackers can upload malicious knowledge files to the knowledge base, which can trigger XSS attacks during user chats. This vulnerability affects all versions prior to the fix.
CVSS Information
N/A
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
NetEase QAnything 跨站脚本漏洞
Vulnerability Description
NetEase QAnything是中国网易(NetEase)公司的致力于支持任意格式文件或数据库的本地知识库问答系统,可断网安装使用。 NetEase QAnything存在跨站脚本漏洞。攻击者利用该漏洞可以上传恶意知识文件,在用户聊天时触发XSS攻击。
CVSS Information
N/A
Vulnerability Type
N/A