漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Stored XSS in binary-husky/gpt_academic
Vulnerability Description
A stored cross-site scripting (XSS) vulnerability exists in the Latex Proof-Reading Module of binary-husky/gpt_academic version 3.9.0. This vulnerability allows an attacker to inject malicious scripts into the `debug_log.html` file generated by the module. When an admin visits this debug report, the injected scripts can execute, potentially leading to unauthorized actions and data access.
CVSS Information
N/A
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
GPT Academic 跨站脚本漏洞
Vulnerability Description
GPT Academic是binary-husky个人开发者的一个为 GPT/GLM 等 LLM 大语言模型提供实用化交互的接口。 GPT Academic 3.9.0版本存在跨站脚本漏洞,该漏洞源于Latex Proof-Reading Module容易受到存储型跨站脚本攻击,可能导致管理员访问debug_log.html文件时执行恶意脚本。
CVSS Information
N/A
Vulnerability Type
N/A