70 matches found
NextChat < 2.11.3 SSRF
Binary data nextchatCVE-2023-49785.nbin...
NextChat < 2.11.3 SSRF
The remote host contains a torchserve version that is prior to 2.11.3. It is, therefore, affected by a Server Side Request Forgery vulnerability in the api/cors endpoint. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...
VulnCheck KEV: CVE-2023-49785
NextChat, also known as ChatGPT-Next-Web, is a cross-platform chat user interface for use with ChatGPT. Versions 2.11.2 and prior are vulnerable to server-side request forgery and cross-site scripting. This vulnerability enables read access to internal HTTP endpoints but also write access using...
CVE-2023-49785
NextChat, also known as ChatGPT-Next-Web, is a cross-platform chat user interface for use with ChatGPT. Versions 2.11.2 and prior are vulnerable to server-side request forgery and cross-site scripting. This vulnerability enables read access to internal HTTP endpoints but also write access using...
Cross site scripting
NextChat, also known as ChatGPT-Next-Web, is a cross-platform chat user interface for use with ChatGPT. Versions 2.11.2 and prior are vulnerable to server-side request forgery and cross-site scripting. This vulnerability enables read access to internal HTTP endpoints but also write access using...
CVE-2023-49785 NextChat vulnerable to Server-Side Request Forgery and Cross-site Scripting
NextChat, also known as ChatGPT-Next-Web, is a cross-platform chat user interface for use with ChatGPT. Versions 2.11.2 and prior are vulnerable to server-side request forgery and cross-site scripting. This vulnerability enables read access to internal HTTP endpoints but also write access using...
CVE-2023-49785 NextChat vulnerable to Server-Side Request Forgery and Cross-site Scripting
NextChat, also known as ChatGPT-Next-Web, is a cross-platform chat user interface for use with ChatGPT. Versions 2.11.2 and prior are vulnerable to server-side request forgery and cross-site scripting. This vulnerability enables read access to internal HTTP endpoints but also write access using...
CVE-2023-49785
NextChat/ChatGPT-Next-Web (CVE-2023-49785) is affected up to version 2.11.2 and earlier. The vulnerability enables Server-Side Request Forgery (SSRF) and Cross-Site Scripting (XSS) via the /api/cors endpoint, allowing read access to internal HTTP endpoints and, in some cases, write access. Attack...
NextChat Code Issue Vulnerability
NextChat is a program for rapid deployment of private ChatGPT web applications. A security vulnerability exists in NextChat 2.11.2 and earlier versions, which stems from the presence of a server request forgery SSRF and cross-site scripting XSS vulnerability. An attacker can exploit the...
PT-2023-8836 · Nextchat · Nextchat
Name of the Vulnerable Software and Affected Versions: NextChat versions 2.11.2 and prior Description: The issue concerns a server-side request forgery and cross-site scripting vulnerability in NextChat, also known as ChatGPT-Next-Web. This vulnerability enables read access to internal HTTP...