7 matches found
CVE-2026-23733 Lobe Chat has Cross-Site Scripting (XSS) issue that may escalate to Remote Code Execution (RCE)
LobeChat is an open source chat application platform. Prior to version 2.0.0-next.180, a stored Cross-Site Scripting XSS vulnerability in the Mermaid artifact renderer allows attackers to execute arbitrary JavaScript within the application context. This XSS can be escalated to Remote Code Executi...
CVE-2026-23733 Lobe Chat has Cross-Site Scripting (XSS) issue that may escalate to Remote Code Execution (RCE)
LobeChat is an open source chat application platform. Prior to version 2.0.0-next.180, a stored Cross-Site Scripting XSS vulnerability in the Mermaid artifact renderer allows attackers to execute arbitrary JavaScript within the application context. This XSS can be escalated to Remote Code Executi...
PT-2026-3404
Name of the Vulnerable Software and Affected Versions LobeChat versions prior to 2.0.0-next.180 Description LobeChat is an open source chat application platform. A stored Cross-Site Scripting XSS issue exists in the Mermaid artifact renderer, enabling attackers to execute arbitrary JavaScript...
CVE-2025-66222 DeepChat Cross-Site Scripting(XSS) escalate to Remote Code Execution(RCE)
DeepChat is a smart assistant uses artificial intelligence. In 0.5.0 and earlier, there is a Stored Cross-Site Scripting XSS vulnerability in the Mermaid diagram renderer allows an attacker to execute arbitrary JavaScript within the application context. By leveraging the exposed Electron IPC...
CVE-2025-66222 DeepChat Cross-Site Scripting(XSS) escalate to Remote Code Execution(RCE)
DeepChat is a smart assistant uses artificial intelligence. In 0.5.0 and earlier, there is a Stored Cross-Site Scripting XSS vulnerability in the Mermaid diagram renderer allows an attacker to execute arbitrary JavaScript within the application context. By leveraging the exposed Electron IPC...
EUVD-2025-201091
DeepChat is a smart assistant uses artificial intelligence. In 0.5.0 and earlier, there is a Stored Cross-Site Scripting XSS vulnerability in the Mermaid diagram renderer allows an attacker to execute arbitrary JavaScript within the application context. By leveraging the exposed Electron IPC...
CVE-2025-66222 DeepChat Cross-Site Scripting(XSS) escalate to Remote Code Execution(RCE)
DeepChat is a smart assistant uses artificial intelligence. In 0.5.0 and earlier, there is a Stored Cross-Site Scripting XSS vulnerability in the Mermaid diagram renderer allows an attacker to execute arbitrary JavaScript within the application context. By leveraging the exposed Electron IPC...