Attackers can craft a malicious prompt that coerces the language model into executing arbitrary JavaScript in the context of the web page.
6.1CVSS
6.6AI Score
0.0005EPSS
Attacker controlled files can be uploaded to arbitrary locations on the web server's filesystem by abusing a path traversal vulnerability.
8.8CVSS
6.7AI Score
0.001EPSS