CNNVD-202509-2925 Information

CNNVD ID

CNNVD-202509-2925

CVE-2025-59417

  • CNNVD Published: 2025-09-18

Description

Lobe Chat is an open-source, high-performance chatbot framework from LobeHub. Versions of Lobe Chat before 1.129.4 contain a cross-site scripting vulnerability: the SVGRender component uses dangerouslySetInnerHTML to process SVG content, which may lead to cross-site scripting attacks and remote code execution.

Hazard Level

High

Vulnerability Type

Cross-site scripting

Affected Vendor

Loggro

Published

2025-09-18

Last Modified

2026-02-24

References

https://github.com/lobehub/lobe-chat/commit/9f044edd07ce102fe9f4b2fb47c62191c36da05c

https://github.com/lobehub/lobe-chat/security/advisories/GHSA-m79r-r765-5f9j

Patch

https://github.com/lobehub/lobe-chat/releases
