CNNVD-202507-2887 Information

CNNVD ID

CNNVD-202507-2887

Related CVE

CVE-2025-51860

• CNNVD Published: 2025-07-22

Description (Chinese)

TelegAI是TelegAI公司的一个AI聊天机器人网站。 TelegAI 2025-05-26版本存在跨站脚本漏洞，该漏洞源于AI角色描述中可嵌入SVG跨站脚本载荷，导致存储型跨站脚本攻击。

Description (English)

Telegai is an AI chat robot site for Telegai. The TelegAI 2025-05-26 version has a cross-site script loophole, which stems from the SVG cross-site script load that can be embedded in the AI role description, leading to a storage-type cross-stop script attack.

Hazard Level

High

Vulnerability Type

跨站脚本

Affected Vendor

TelegAI

Published

2025-07-22

Last Modified

2026-02-24

References

https://github.com/Secsys-FDU/CVE-2025-51860 https://nvd.nist.gov/vuln/detail/CVE-2025-51860 https://access.redhat.com/security/cve/cve-2025-51860