ChatPlayground.ai Cross Site Scripting / Insecure Direct Object Reference
ChatPlayground.ai is a popular web application for comparing AI models. A cross site scripting vulnerability exists in the chat component. This can lead to JWT token theft and remote account hijacking. Additionally, the /api/chat-history endpoint exhibits weak access control allowing for insecure...