CNNVD-202507-2885 Information

CNNVD ID

CNNVD-202507-2885

Related CVE

CVE-2025-51859

• CNNVD Published: 2025-07-22

Description (Chinese)

Chaindesk是法国Chaindesk公司的一个用于构建和部署基于私有数据的 AI 聊天机器人。 Chaindesk 2025-05-26及之前版本存在跨站脚本漏洞，该漏洞源于AI代理的系统提示可嵌入恶意脚本载荷，导致存储型跨站脚本攻击。

Description (English)

Chaindesk is an AI chat robot for the construction and deployment of private data based in Chaindesk, France. Chaindesk 2025-05-26 and previous versions had a cross-site script loophole, which originated from the AI agent ’ s system tip that could be embedded in a malicious script load, leading to a storage-type cross-site script attack.

Hazard Level

High

Vulnerability Type

跨站脚本

Affected Vendor

Chaindesk

Published

2025-07-22

Last Modified

2026-02-24

References

https://github.com/Secsys-FDU/CVE-2025-51859 https://access.redhat.com/security/cve/cve-2025-51859 https://nvd.nist.gov/vuln/detail/CVE-2025-51859