CVE-2025-59417 Lobe Chat Desktop Vulnerable to Remote Code Execution via XSS in Chat Messages

Lobe Chat is an open-source artificial intelligence chat framework. Prior to version 1.129.4, there is a a cross-site scripting XSS vulnerability when handling chat message in lobe-chat that can be escalated to remote code execution on the user’s machine. In lobe-chat, when the response from the...

Lobe Chat 跨站脚本漏洞

Lobe Chat is an open source, high-performance chatbot framework open sourced from LobeHub. A cross-site scripting vulnerability exists in Lobe Chat versions prior to 1.129.4 that stems from the SVGRender component's use of dangerouslySetInnerHTML to process SVG content, which could lead to...