51 matches found
EUVD-2025-201843
DeepChat is an open-source AI chat platform that supports cloud models and LLMs. Versions 0.5.1 and below are vulnerable to XSS attacks through improperly sanitized Mermaid content. The recent security patch for MermaidArtifact.vue is insufficient and can be bypassed using unquoted HTML attribute...
CVE-2025-66481 DeepChat's Incomplete XSS Fix Allows RCE through Mermaid Content
DeepChat is an open-source AI chat platform that supports cloud models and LLMs. Versions 0.5.1 and below are vulnerable to XSS attacks through improperly sanitized Mermaid content. The recent security patch for MermaidArtifact.vue is insufficient and can be bypassed using unquoted HTML attribute...
CVE-2025-66481
CVE-2025-66481 concerns DeepChat, an open-source AI chat platform. Affected versions: 0.5.1 and earlier. The vulnerability stems from improper sanitization of Mermaid content, making it susceptible to cross-site scripting (XSS). The security patch for MermaidArtifact.vue is insufficient and can b...
CVE-2025-66481 DeepChat's Incomplete XSS Fix Allows RCE through Mermaid Content
DeepChat is an open-source AI chat platform that supports cloud models and LLMs. Versions 0.5.1 and below are vulnerable to XSS attacks through improperly sanitized Mermaid content. The recent security patch for MermaidArtifact.vue is insufficient and can be bypassed using unquoted HTML attribute...
PT-2025-49683
Name of the Vulnerable Software and Affected Versions DeepChat versions 0.5.1 and below Description DeepChat, an open-source AI chat platform supporting cloud models and LLMs, is susceptible to Cross-Site Scripting XSS attacks due to inadequate sanitization of Mermaid content. The initial securit...
DeepChat 安全漏洞
DeepChat is an intelligent assistant open-sourced by ThinkInAIXYZ. A security vulnerability exists in DeepChat 0.5.1 and earlier versions, which stems from improper Mermaid content cleanup and could lead to cross-site scripting attacks and remote code execution...
CVE-2025-66222
DeepChat is a smart assistant uses artificial intelligence. In 0.5.0 and earlier, there is a Stored Cross-Site Scripting XSS vulnerability in the Mermaid diagram renderer allows an attacker to execute arbitrary JavaScript within the application context. By leveraging the exposed Electron IPC...
CVE-2025-66222
DeepChat is a smart assistant uses artificial intelligence. In 0.5.0 and earlier, there is a Stored Cross-Site Scripting XSS vulnerability in the Mermaid diagram renderer allows an attacker to execute arbitrary JavaScript within the application context. By leveraging the exposed Electron IPC...
CVE-2025-66222
DeepChat (0.5.0 and earlier) is affected by a Stored XSS in the Mermaid diagram renderer, exploitable via the Electron IPC bridge to escalate to RCE by starting a malicious MCP server. Affected product/version: DeepChat prior to 0.5.0. Root cause: XSS within Mermaid rendering allows arbitrary Jav...
CVE-2025-66222 DeepChat Cross-Site Scripting(XSS) escalate to Remote Code Execution(RCE)
DeepChat is a smart assistant uses artificial intelligence. In 0.5.0 and earlier, there is a Stored Cross-Site Scripting XSS vulnerability in the Mermaid diagram renderer allows an attacker to execute arbitrary JavaScript within the application context. By leveraging the exposed Electron IPC...
CVE-2025-66222 DeepChat Cross-Site Scripting(XSS) escalate to Remote Code Execution(RCE)
DeepChat is a smart assistant uses artificial intelligence. In 0.5.0 and earlier, there is a Stored Cross-Site Scripting XSS vulnerability in the Mermaid diagram renderer allows an attacker to execute arbitrary JavaScript within the application context. By leveraging the exposed Electron IPC...
CVE-2025-66222 DeepChat Cross-Site Scripting(XSS) escalate to Remote Code Execution(RCE)
DeepChat is a smart assistant uses artificial intelligence. In 0.5.0 and earlier, there is a Stored Cross-Site Scripting XSS vulnerability in the Mermaid diagram renderer allows an attacker to execute arbitrary JavaScript within the application context. By leveraging the exposed Electron IPC...
EUVD-2025-201091
DeepChat is a smart assistant uses artificial intelligence. In 0.5.0 and earlier, there is a Stored Cross-Site Scripting XSS vulnerability in the Mermaid diagram renderer allows an attacker to execute arbitrary JavaScript within the application context. By leveraging the exposed Electron IPC...
DeepChat 代码注入漏洞
DeepChat is an intelligent assistant open-sourced by ThinkInAIXYZ. A code injection vulnerability exists in DeepChat 0.5.0 and earlier versions, which stems from the presence of stored cross-site scripting in the Mermaid chart renderer, which could lead to remote code execution...
EUVD-2025-27502
Malicious code in bioql PyPI...
EUVD-2025-25237
Malicious code in bioql PyPI...
CVE-2025-58768
DeepChat is a smart assistant uses artificial intelligence. Prior to version 0.3.5, in the Mermaid chart rendering component, there is a risky operation of directly using innerHTML to set user content. Therefore, any malicious content rendered via Mermaid will directly trigger the exploit chain,...
CVE-2025-58768
DeepChat is a smart assistant uses artificial intelligence. Prior to version 0.3.5, in the Mermaid chart rendering component, there is a risky operation of directly using innerHTML to set user content. Therefore, any malicious content rendered via Mermaid will directly trigger the exploit chain,...
CVE-2025-58768 DeepChat's Mermaid rendering has XSS leading to RCE
DeepChat is a smart assistant uses artificial intelligence. Prior to version 0.3.5, in the Mermaid chart rendering component, there is a risky operation of directly using innerHTML to set user content. Therefore, any malicious content rendered via Mermaid will directly trigger the exploit chain,...
CVE-2025-58768
CVE-2025-58768 affects DeepChat prior to version 0.3.5, specifically in the Mermaid chart rendering component where user content is directly written via innerHTML. This creates an XSS vulnerability that can trigger an exploit chain, potentially allowing arbitrary JavaScript execution and arbitrar...