漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
ChatterMate has Stored Cross-Site Scripting (XSS) via Chatbot Input Execution
Vulnerability Description
ChatterMate is a no-code AI chatbot agent framework. In versions 1.0.8 and below, the chatbot accepts and executes malicious HTML/JavaScript payloads when supplied as chat input. Specifically, an <iframe> payload containing a javascript: URI can be processed and executed in the browser context. This allows access to sensitive client-side data such as localStorage tokens and cookies, resulting in client-side injection. This issue has been fixed in version 1.0.9.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
ChatterMate 跨站脚本漏洞
Vulnerability Description
ChatterMate是Runix个人开发者的一个AI聊天代理软件。 ChatterMate 1.0.8及之前版本存在跨站脚本漏洞,该漏洞源于聊天机器人接受并执行恶意HTML/JavaScript有效载荷,可能导致客户端注入。
CVSS Information
N/A
Vulnerability Type
N/A