nessus
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
WEB_APPLICATION_SCANNING_114306
Jun 20, 2024 - 12:00 a.m.

NextChat < 2.11.3 Server-Side Request Forgery

2024-06-20 00:00:00
www.tenable.com
nextchat, server-side request forgery, vulnerability

AI Score: 7.3 High
Confidence: High

NextChat (formerly ChatGPT-Next-Web) versions prior to 2.11.3 are vulnerable to Server-Side Request Forgery (SSRF) and Cross-Site Scripting attacks. These allow a remote, unauthenticated attacker to make the vulnerable instance issue arbitrary requests to both external and internal assets through the '/api/cors' endpoint, or to execute JavaScript in the context of application users' browsers.

Vendor | Product | Version | CPE
nextchat | nextchat | * | cpe:2.3:a:nextchat:nextchat:*:*:*:*:*:*:*:*
