Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cross-site Scripting (XSS) in parisneo/lollms
Vulnerability Description
A Cross-site Scripting (XSS) vulnerability was identified in the `from_dict` method of the `AppLollmsMessage` class in parisneo/lollms prior to version 2.2.0. The vulnerability arises from the lack of sanitization or HTML encoding of the `content` field when deserializing user-provided data. This allows an attacker to inject malicious HTML or JavaScript payloads, which can be executed in the context of another user's browser. Exploitation of this vulnerability can lead to account takeover, session hijacking, or wormable attacks.
CVSS Information
N/A
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
LoLLMs 跨站脚本漏洞
Vulnerability Description
LoLLMs是Saifeddine ALOUI个人开发者的一个大型语言与多模态系统。 LoLLMs 2.2.0之前版本存在跨站脚本漏洞,该漏洞源于AppLollmsMessage类的from_dict方法在反序列化时未对content字段进行清理或HTML编码,可能导致跨站脚本攻击,进而引发账户接管、会话劫持或蠕虫式攻击。
CVSS Information
N/A
Vulnerability Type
N/A