77 matches found
EmbedAI 访问控制错误漏洞
EmbedAI is a platform from EmbedAI that enables users to use their data to create AI chatbots powered by ChatGPT. An access control error vulnerability exists in EmbedAI version 2.1 and prior versions that stems from improper access control...
EmbedAI 安全漏洞
EmbedAI is a platform from EmbedAI that enables users to use their data to create AI chatbots powered by ChatGPT. A security vulnerability exists in EmbedAI version 2.1 and prior versions that stems from improper access control...
EmbedAI 跨站脚本漏洞
EmbedAI is a platform from EmbedAI that enables users to use their data to create AI chatbots powered by ChatGPT. A cross-site scripting vulnerability exists in EmbedAI version 2.1 and prior versions. An attacker exploiting this vulnerability could inject malicious JavaScript code...
PT-2025-4035 · Embedai · Embedai
Name of the Vulnerable Software and Affected Versions: EmbedAI versions 2.1 and earlier Description: A Reflected Cross-Site Scripting issue has been identified, allowing an authenticated attacker to craft a malicious URL by leveraging the "/embedai/users/show/" endpoint. This enables the injectio...
PT-2025-4031 · Embedai · Embedai
Name of the Vulnerable Software and Affected Versions: EmbedAI versions 2.1 and below Description: An Improper Access Control issue allows an authenticated attacker to obtain files stored by other users by modifying the FILE ID of the endpoint "/embedai/files/show/". Recommendations: For EmbedAI...
PT-2025-4030 · Embedai · Embedai
Name of the Vulnerable Software and Affected Versions: EmbedAI versions 2.1 and below Description: An Improper Access Control issue has been found, allowing an authenticated attacker to write messages into other users' chat by changing the chat id parameter of the POST request "/embedai/chats/sen...
PT-2025-4036 · Embedai · Embedai
Name of the Vulnerable Software and Affected Versions: EmbedAI affected versions not specified Description: A Stored Cross-Site Scripting issue has been found, allowing an authenticated attacker to inject malicious JavaScript code into a message that will be executed when a user opens the chat...
EmbedAI 访问控制错误漏洞
EmbedAI is a platform from EmbedAI that enables users to use their data to create AI chatbots powered by ChatGPT. An access control error vulnerability exists in EmbedAI version 2.1 and prior versions that stems from improper access control...
EmbedAI 安全漏洞
EmbedAI is a platform from EmbedAI that enables users to use their data to create AI chatbots powered by ChatGPT. A security vulnerability exists in EmbedAI version 2.1 and prior versions that stems from improper access control...
EmbedAI 跨站脚本漏洞
EmbedAI is a platform from EmbedAI that enables users to use their data to create AI chatbots powered by ChatGPT. EmbedAI suffers from a cross-site scripting vulnerability. An attacker exploiting this vulnerability could inject malicious JavaScript code into messages...
EmbedAI 安全漏洞
EmbedAI is a platform from EmbedAI that enables users to use their data to create AI chatbots powered by ChatGPT. A security vulnerability exists in EmbedAI version 2.1 and prior versions that stems from improper access control...
EmbedAI 安全漏洞
EmbedAI is a platform from EmbedAI that enables users to use their data to create AI chatbots powered by ChatGPT. A security vulnerability exists in EmbedAI version 2.1 and prior versions that stems from improper access control...
PT-2025-4029 · Embedai · Embedai
Name of the Vulnerable Software and Affected Versions: EmbedAI versions 2.1 and below Description: An Improper Access Control issue allows an authenticated attacker to obtain chat messages belonging to other users by modifying the CHAT ID parameter in the endpoint "/embedai/chats/load messages?ch...
CVE-2024-5185
The EmbedAI application is susceptible to security issues that enable Data Poisoning attacks. This weakness could result in the application becoming compromised, leading to unauthorized entries or data poisoning attacks, which are delivered by a CSRF vulnerability due to the absence of a secure...
CVE-2024-5185
CVE-2024-5185 concerns the EmbedAI application, where a CSRF weakness resulting from the absence of secure session management and weak CORS policies enables data poisoning. An attacker can lure a user to a malicious page that triggers the CSRF flaw, causing the user to upload and integrate incorr...
CVE-2024-5185 Data Poisoning in EmbedAI
The EmbedAI application is susceptible to security issues that enable Data Poisoning attacks. This weakness could result in the application becoming compromised, leading to unauthorized entries or data poisoning attacks, which are delivered by a CSRF vulnerability due to the absence of a secure...
CVE-2024-5185 Data Poisoning in EmbedAI
The EmbedAI application is susceptible to security issues that enable Data Poisoning attacks. This weakness could result in the application becoming compromised, leading to unauthorized entries or data poisoning attacks, which are delivered by a CSRF vulnerability due to the absence of a secure...