Lucene search
K

51 matches found

EUVD
EUVD
added 2025/12/09 12:25 a.m.5 views

EUVD-2025-201843

DeepChat is an open-source AI chat platform that supports cloud models and LLMs. Versions 0.5.1 and below are vulnerable to XSS attacks through improperly sanitized Mermaid content. The recent security patch for MermaidArtifact.vue is insufficient and can be bypassed using unquoted HTML attribute...

9.6CVSS6.2AI score0.00482EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/12/09 12:25 a.m.3 views

CVE-2025-66481 DeepChat's Incomplete XSS Fix Allows RCE through Mermaid Content

DeepChat is an open-source AI chat platform that supports cloud models and LLMs. Versions 0.5.1 and below are vulnerable to XSS attacks through improperly sanitized Mermaid content. The recent security patch for MermaidArtifact.vue is insufficient and can be bypassed using unquoted HTML attribute...

9.6CVSS6.3AI score0.00482EPSS
Exploits1References1
CVE
CVE
added 2025/12/09 12:25 a.m.21 views

CVE-2025-66481

CVE-2025-66481 concerns DeepChat, an open-source AI chat platform. Affected versions: 0.5.1 and earlier. The vulnerability stems from improper sanitization of Mermaid content, making it susceptible to cross-site scripting (XSS). The security patch for MermaidArtifact.vue is insufficient and can b...

9.6CVSS6.3AI score0.00482EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2025/12/09 12:25 a.m.5 views

CVE-2025-66481 DeepChat's Incomplete XSS Fix Allows RCE through Mermaid Content

DeepChat is an open-source AI chat platform that supports cloud models and LLMs. Versions 0.5.1 and below are vulnerable to XSS attacks through improperly sanitized Mermaid content. The recent security patch for MermaidArtifact.vue is insufficient and can be bypassed using unquoted HTML attribute...

9.6CVSS6.7AI score0.00482EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.5 views

PT-2025-49683

Name of the Vulnerable Software and Affected Versions DeepChat versions 0.5.1 and below Description DeepChat, an open-source AI chat platform supporting cloud models and LLMs, is susceptible to Cross-Site Scripting XSS attacks due to inadequate sanitization of Mermaid content. The initial securit...

9.6CVSS6.4AI score0.00482EPSS
Exploits1References9
CNNVD
CNNVD
added 2025/12/09 12:0 a.m.4 views

DeepChat 安全漏洞

DeepChat is an intelligent assistant open-sourced by ThinkInAIXYZ. A security vulnerability exists in DeepChat 0.5.1 and earlier versions, which stems from improper Mermaid content cleanup and could lead to cross-site scripting attacks and remote code execution...

9.6CVSS7AI score0.00482EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/12/04 7:22 p.m.5 views

CVE-2025-66222

DeepChat is a smart assistant uses artificial intelligence. In 0.5.0 and earlier, there is a Stored Cross-Site Scripting XSS vulnerability in the Mermaid diagram renderer allows an attacker to execute arbitrary JavaScript within the application context. By leveraging the exposed Electron IPC...

9.6CVSS5.6AI score0.00518EPSS
Exploits1References1
NVD
NVD
added 2025/12/03 7:15 p.m.5 views

CVE-2025-66222

DeepChat is a smart assistant uses artificial intelligence. In 0.5.0 and earlier, there is a Stored Cross-Site Scripting XSS vulnerability in the Mermaid diagram renderer allows an attacker to execute arbitrary JavaScript within the application context. By leveraging the exposed Electron IPC...

9.6CVSS0.00518EPSS
Exploits1References2
CVE
CVE
added 2025/12/03 6:34 p.m.16 views

CVE-2025-66222

DeepChat (0.5.0 and earlier) is affected by a Stored XSS in the Mermaid diagram renderer, exploitable via the Electron IPC bridge to escalate to RCE by starting a malicious MCP server. Affected product/version: DeepChat prior to 0.5.0. Root cause: XSS within Mermaid rendering allows arbitrary Jav...

9.6CVSS5.2AI score0.00518EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2025/12/03 6:34 p.m.14 views

CVE-2025-66222 DeepChat Cross-Site Scripting(XSS) escalate to Remote Code Execution(RCE)

DeepChat is a smart assistant uses artificial intelligence. In 0.5.0 and earlier, there is a Stored Cross-Site Scripting XSS vulnerability in the Mermaid diagram renderer allows an attacker to execute arbitrary JavaScript within the application context. By leveraging the exposed Electron IPC...

9.6CVSS0.00518EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/12/03 6:34 p.m.4 views

CVE-2025-66222 DeepChat Cross-Site Scripting(XSS) escalate to Remote Code Execution(RCE)

DeepChat is a smart assistant uses artificial intelligence. In 0.5.0 and earlier, there is a Stored Cross-Site Scripting XSS vulnerability in the Mermaid diagram renderer allows an attacker to execute arbitrary JavaScript within the application context. By leveraging the exposed Electron IPC...

9.6CVSS5.2AI score0.00518EPSS
Exploits1References2
OSV
OSV
added 2025/12/03 6:34 p.m.5 views

CVE-2025-66222 DeepChat Cross-Site Scripting(XSS) escalate to Remote Code Execution(RCE)

DeepChat is a smart assistant uses artificial intelligence. In 0.5.0 and earlier, there is a Stored Cross-Site Scripting XSS vulnerability in the Mermaid diagram renderer allows an attacker to execute arbitrary JavaScript within the application context. By leveraging the exposed Electron IPC...

9.6CVSS5.6AI score0.00518EPSS
Exploits1References4
EUVD
EUVD
added 2025/12/03 6:34 p.m.6 views

EUVD-2025-201091

DeepChat is a smart assistant uses artificial intelligence. In 0.5.0 and earlier, there is a Stored Cross-Site Scripting XSS vulnerability in the Mermaid diagram renderer allows an attacker to execute arbitrary JavaScript within the application context. By leveraging the exposed Electron IPC...

9.6CVSS5.2AI score0.00518EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/12/03 12:0 a.m.4 views

DeepChat 代码注入漏洞

DeepChat is an intelligent assistant open-sourced by ThinkInAIXYZ. A code injection vulnerability exists in DeepChat 0.5.0 and earlier versions, which stems from the presence of stored cross-site scripting in the Mermaid chart renderer, which could lead to remote code execution...

9.6CVSS7.2AI score0.00518EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-27502

Malicious code in bioql PyPI...

9.6CVSS6.5AI score0.00558EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-25237

Malicious code in bioql PyPI...

9.6CVSS6.5AI score0.00634EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/09/11 8:27 p.m.14 views

CVE-2025-58768

DeepChat is a smart assistant uses artificial intelligence. Prior to version 0.3.5, in the Mermaid chart rendering component, there is a risky operation of directly using innerHTML to set user content. Therefore, any malicious content rendered via Mermaid will directly trigger the exploit chain,...

9.6CVSS7AI score0.00558EPSS
Exploits1References1
NVD
NVD
added 2025/09/09 9:15 p.m.6 views

CVE-2025-58768

DeepChat is a smart assistant uses artificial intelligence. Prior to version 0.3.5, in the Mermaid chart rendering component, there is a risky operation of directly using innerHTML to set user content. Therefore, any malicious content rendered via Mermaid will directly trigger the exploit chain,...

9.6CVSS0.00558EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/09/09 8:19 p.m.4 views

CVE-2025-58768 DeepChat's Mermaid rendering has XSS leading to RCE

DeepChat is a smart assistant uses artificial intelligence. Prior to version 0.3.5, in the Mermaid chart rendering component, there is a risky operation of directly using innerHTML to set user content. Therefore, any malicious content rendered via Mermaid will directly trigger the exploit chain,...

9.6CVSS6.6AI score0.00558EPSS
Exploits1References1
CVE
CVE
added 2025/09/09 8:19 p.m.18 views

CVE-2025-58768

CVE-2025-58768 affects DeepChat prior to version 0.3.5, specifically in the Mermaid chart rendering component where user content is directly written via innerHTML. This creates an XSS vulnerability that can trigger an exploit chain, potentially allowing arbitrary JavaScript execution and arbitrar...

9.6CVSS6.6AI score0.00558EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder