CVE-2025-50735
- EPSS 0.52%
- Veröffentlicht 03.11.2025 00:00:00
- Zuletzt bearbeitet 05.11.2025 18:53:52
Directory traversal vulnerability in NextChat thru 2.16.0 due to the WebDAV proxy failing to canonicalize or reject dot path segments in its catch-all route, allowing attackers to gain sensitive information via authenticated or anonymous WebDAV endpo...
CVE-2025-50733
- EPSS 0.02%
- Veröffentlicht 22.08.2025 00:00:00
- Zuletzt bearbeitet 26.08.2025 14:15:38
NextChat contains a cross-site scripting (XSS) vulnerability in the HTMLPreview component of artifacts.tsx that allows attackers to execute arbitrary JavaScript code when HTML content is rendered in the AI chat interface. The vulnerability occurs bec...
CVE-2023-49785
- EPSS 92.64%
- Veröffentlicht 12.03.2024 00:15:26
- Zuletzt bearbeitet 10.04.2025 20:35:48
NextChat, also known as ChatGPT-Next-Web, is a cross-platform chat user interface for use with ChatGPT. Versions 2.11.2 and prior are vulnerable to server-side request forgery and cross-site scripting. This vulnerability enables read access to intern...