CVE-2024-3402 Stored XSS vulnerability in gaizhenbiao/chuanhuchatgpt

A stored Cross-Site Scripting XSS vulnerability existed in version 20240121 of gaizhenbiao/chuanhuchatgpt due to inadequate sanitization and validation of model output data. Despite user-input validation efforts, the application fails to properly sanitize or validate the output from the model,...

CVE-2024-1602 Stored XSS leading to RCE in parisneo/lollms-webui

parisneo/lollms-webui is vulnerable to stored Cross-Site Scripting XSS that leads to Remote Code Execution RCE. The vulnerability arises due to inadequate sanitization and validation of model output data, allowing an attacker to inject malicious JavaScript code. This code can be executed within t...

CVE-2024-1602

CVE-2024-1602 affects parisneo/lollms-webui, with a stored XSS that leads to Remote Code Execution. Attacker can exploit inadequate sanitization/validation of model output data to inject JavaScript that runs in the user’s browser and can trigger a request to /execute_code to establish a reverse s...

lollms-webui 安全漏洞

LoLLMs is a Web UI for a large language multi-model system by the individual developer Saifeddine ALOUI. A security vulnerability exists in lollms-webui that stems from inadequate cleaning and validation of model output data...