3 matches found
CVE-2025-57203
MagicProject AI version 9.1 is affected by a Cross-Site Scripting XSS vulnerability within the chatbot generation feature available to authenticated admin users. The vulnerability resides in the prompt parameter submitted to the /dashboard/user/generator/generate-stream endpoint via a...
PT-2025-39066
Name of the Vulnerable Software and Affected Versions MagicProject AI version 9.1 Description MagicProject AI version 9.1 is affected by a Cross-Site Scripting XSS issue within the chatbot generation feature accessible to authenticated admin users. The issue is located in the prompt parameter...
LiquidThemes MagicAI 安全漏洞
LiquidThemes MagicAI is an AI software from LiquidThemes, UK. A security vulnerability exists in LiquidThemes MagicAI version 9.1, which stems from insufficient cleanup of the prompt parameter input in the dashboard/user/generator/generate-stream endpoint, which could lead to a cross-site scripti...