n8n 安全漏洞

n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 1.123.32, 2.17.4, and 2.18.1 contained security vulnerabilities. These vulnerabilities stemmed from the /chatWebSocket endpoint in the Chat Trigger node’s Hosted Chat feature, which did not verify...

EUVD-2025-38296

The chat feature in the application Sourcecodester FAQ Bot with AI Assistant v1.0 is vulnerable to Cross-Site Scripting XSS due to improper handling of user-supplied input. An attacker can inject malicious HTML or JavaScript into chat messages, which executes in the browser of any user viewing th...

CVE-2025-63639

The chat feature in the application Sourcecodester FAQ Bot with AI Assistant v1.0 is vulnerable to Cross-Site Scripting XSS due to improper handling of user-supplied input. An attacker can inject malicious HTML or JavaScript into chat messages, which executes in the browser of any user viewing th...

CVE-2025-63639

The CVE-2025-63639 entry describes an XSS vulnerability in Sourcecodester FAQ Bot with AI Assistant v1.0, specifically in the chat feature where user input is not properly sanitized. Affected component: chat/messages handling in the FAQ Bot. Root cause: improper handling of user-supplied input le...

CVE-2025-63639

The chat feature in the application Sourcecodester FAQ Bot with AI Assistant v1.0 is vulnerable to Cross-Site Scripting XSS due to improper handling of user-supplied input. An attacker can inject malicious HTML or JavaScript into chat messages, which executes in the browser of any user viewing th...

SelfBest 安全漏洞

SelfBest is a development-focused platform from SelfBest, Inc. in the United States. A security vulnerability exists in SelfBest version 2023.3, which stems from the presence of stored cross-site scripting in the Chat feature, which could lead to the execution of arbitrary JavaScript code by a...

EUVD-2021-31058

Malicious code in bioql PyPI...

EUVD-2024-46879

Malicious code in bioql PyPI...

CVE-2025-5309

The chat feature within Remote Support RS and Privileged Remote Access PRA is vulnerable to a Server-Side Template Injection vulnerability which can lead to remote code execution...

CVE-2025-5309

The chat feature within Remote Support RS and Privileged Remote Access PRA is vulnerable to a Server-Side Template Injection vulnerability which can lead to remote code execution...

CVE-2025-5309

The chat feature within Remote Support RS and Privileged Remote Access PRA is vulnerable to a Server-Side Template Injection vulnerability which can lead to remote code execution...

PT-2025-25569 · Unknown · Privileged Remote Access +1

Name of the Vulnerable Software and Affected Versions: BeyondTrust Remote Support versions affected versions not specified BeyondTrust Privileged Remote Access versions affected versions not specified Description: The chat feature within Remote Support and Privileged Remote Access is vulnerable t...

CVE-2025-24972

Discourse is an open-source discussion platform. Prior to versions 3.3.4 on the stable branch and 3.4.0.beta5 on the beta branch, in specific circumstances, users could be added to group direct messages despite disabling direct messaging in their preferences. Versions 3.3.4 and 3.4.0.beta5 contai...

CVE-2024-49344 IBM OpenPages session fixation

IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages with Watson Assistant chat feature enabled the application establishes a session when a user logs in and uses chat, but the chat session is still left active after logout...

CVE-2024-5711

A stored Cross-Site Scripting XSS vulnerability exists in the stitionai/devika chat feature, allowing attackers to inject malicious payloads into the chat input. This vulnerability is due to the lack of input validation and sanitization on both the frontend and backend components of the...

CVE-2024-53994 Potential bypass of chat permissions in Discourse

Discourse is an open source platform for community discussion. In affected versions users who disable chat in preferences could still be reachable in some cases. This problem has been patched in the latest version of Discourse. Users are advised to upgrade. Users unable to upgrade should disable...

Discourse 安全漏洞

Discourse is an open source community discussion platform from Discourse Open Source. The platform includes features such as community, email, and chat rooms. Discourse suffers from a security vulnerability that stems from the fact that users may still be contacted under certain circumstances eve...

PT-2024-37088 · Unknown · Stitionai/Devika

Name of the Vulnerable Software and Affected Versions: stitutionai/devika affected versions not specified Description: A stored Cross-Site Scripting XSS vulnerability exists in the stitionai/devika chat feature, allowing attackers to inject malicious payloads into the chat input. This issue is du...

AnythingLLM 跨站脚本漏洞

AnythingLLM is a document chatbot that meets business requirements. A cross-site scripting vulnerability exists in AnythingLLM that stems from a stored cross-site scripting XSS vulnerability in the chat functionality...

Cross site scripting

User can send a chat that contains an XSS opportunity that will then run when the chat is sent and on subsequent page loads. Given the minimum requirement for a user to send a chat is to be given access to a workspace via an admin the risk is low. Additionally, the location in which the XSS rende...