76 matches found
CVE-2025-66834
A CSV Formula Injection vulnerability in TrueConf Server v5.5.2.10813 allows a normal user to inject malicious spreadsheet formulas into exported chat logs via crafted Display Name...
EUVD-2025-205839
A CSV Formula Injection vulnerability in TrueConf Server v5.5.2.10813 allows a normal user to inject malicious spreadsheet formulas into exported chat logs via crafted Display Name...
PT-2025-54212
Name of the Vulnerable Software and Affected Versions: TrueConf Server version 5.5.2.10813. Description: A CSV Formula Injection issue exists in TrueConf Server. A standard user can inject harmful spreadsheet formulas into exported chat logs by using a specially crafted Display Name. The vulnerabili...
Stored Cross-Site Scripting (XSS)
Flowise is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization of IFRAME elements in chat logs, which allows an attacker to inject malicious code that executes when an admin views the log...
Stored Cross-site Scripting (XSS)
flowise is vulnerable to Stored Cross-site Scripting (XSS). The vulnerability is due to improper sanitization of FORM and INPUT elements in chat logs, which allows an attacker to inject malicious scripts executed when an admin views the log...
EUVD-2006-3664
Malware in sbrugna...
EUVD-2005-2956
Malware in sbrugna...
GHSA-WQ95-WR7M-26H4 Duplicate Advisory: Flowise Stored XSS vulnerability through logs in chatbot
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-7r4h-vmj9-wg42. This link is maintained to preserve external references. Original Description: Flowise before 3.0.5 allows XSS via a FORM element and an INPUT element when an admin views the chat log...
Duplicate Advisory: Flowise Stored XSS vulnerability through logs in chatbot
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-7r4h-vmj9-wg42. This link is maintained to preserve external references. Original Description: Flowise before 3.0.5 allows XSS via a FORM element and an INPUT element when an admin views the chat log...
Cross-site Scripting (XSS)
Overview: flowise is a Flowiseai Server. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the chat logs, due to improper input sanitization. An attacker can access sensitive information or impersonate an administrator by injecting malicious HTML or scripts into chat...
LibreChat Authorization Issue Vulnerability
LibreChat is an enhanced ChatGPT clone by Danny Avila, an individual developer. An authorization issue vulnerability exists in LibreChat versions 0.0.6 through 0.7.7-rc1, which stems from a test endpoint exposure that could lead to the disclosure of arbitrary user chat logs...
Digital Forensic Investigation of the ChatGPT Windows Application
The ChatGPT Windows application offers better user interaction in the Windows operating system (OS) by enhancing productivity and streamlining the workflow of ChatGPT's utilization. However, there are potential misuses associated with this application that require rigorous forensic analysis. This...
CVE-2024-6846
The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not validate access on some REST routes, allowing for an unauthenticated user to purge error and chat logs...
ChuanhuChatGPT Security Bypass Vulnerability
ChuanhuChatGPT is an application that provides a lightweight and easy-to-use web GUI and many additional features for a wide range of LLMs such as ChatGPT. ChuanhuChatGPT suffers from a security bypass vulnerability that originates when a username is provided via a client-side HTTP request, which...
ChuanhuChatGPT Security Vulnerability
ChuanhuChatGPT is an application that provides a lightweight and easy-to-use web GUI and many additional features for a wide range of LLMs such as ChatGPT. ChuanhuChatGPT suffers from a security bypass vulnerability that originates when a username is provided via a client-side HTTP request, which...
ChuanhuChatGPT Access Control Error Vulnerability
ChuanhuChatGPT is an application that provides a lightweight and easy-to-use web GUI and many additional features for a wide range of LLMs such as ChatGPT. An access control error vulnerability exists in ChuanhuChatGPT version 20240802, which stems from improper handling of session data and lack ...
Open WebUI Access Control Error Vulnerability
Open WebUI is an extensible, feature-rich, user-friendly, self-hosted open-source WebUI from Open WebUI. An access control error vulnerability exists in Open WebUI version v0.3.8, which stems from improper access control that allows an administrator to view the chat logs of other administrators...