NextChat < 2.12.4 Server-Side Request Forgery
NextChat formerly ChatGPT-Next-Web versions prior to 2.12.4 are vulnerable to Server-Side Request Forgery SSRF and Cross-Site Scripting attacks, allowing remote and unauthenticated attacker to make the vulnerable instance issue arbitrary requests on both external or internal assets through the...