Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2023-49785

Date: March 11, 2024

NextChat, also known as ChatGPT-Next-Web, is a cross-platform chat user interface for use with ChatGPT. Versions 2.11.2 and prior are vulnerable to server-side request forgery and cross-site scripting. This vulnerability enables read access to internal HTTP endpoints but also write access using HTTP POST, PUT, and other methods. Attackers can also use this vulnerability to mask their source IP by forwarding malicious traffic intended for other Internet targets through these open proxies. As of time of publication, no patch is available, but other mitigation strategies are available. Users may avoid exposing the application to the public internet or, if exposing the application to the internet, ensure it is an isolated network with no access to any other internal resources.

Language: TYPE_SCRIPT

Severity Score

Related Resources (8)

https://github.com/ChatGPTNextWeb/ChatGPT-Next-Web
https://www.vicarius.io/vsociety/posts/hacking-ai-chatbots-for-fun-and-learning-analyzing-an-unauthenticated-ssrf-and-reflected-xss-in-chatgpt-next-web-cve-2023-49785
https://github.com/ChatGPTNextWeb/ChatGPT-Next-Web/issues/4283
https://nvd.nist.gov/vuln/detail/CVE-2023-49785
https://www.horizon3.ai/attack-research/attack-blogs/nextchat-an-ai-chatbot-that-lets-you-talk-to-anyone-you-want-to
https://www.horizon3.ai/attack-research/attack-blogs/nextchat-an-ai-chatbot-that-lets-you-talk-to-anyone-you-want-to/
https://github.com/ChatGPTNextWeb/ChatGPT-Next-Web/pull/4285
https://www.mend.io/vulnerability-database/CVE-2023-49785

Severity Score

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

Server-Side Request Forgery (SSRF)

CWE-918

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): NONE

Do you need more information?

Contact Us