2 matches found
CVE-2024-3570
creationtimestamp| type| source ---|---|--- 2024-04-12 07:24:23+00:00| seen| https://t.me/arpsyndicate/4552...
CVE-2024-3570 Stored XSS leading to Admin Account Takeover in mintplex-labs/anything-llm
A stored Cross-Site Scripting XSS vulnerability exists in the chat functionality of the mintplex-labs/anything-llm repository, allowing attackers to execute arbitrary JavaScript in the context of a user's session. By manipulating the ChatBot responses, an attacker can inject malicious scripts to...