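ChatPlayground.ai cross-site scripting and information disclosure vulnerability
Vulnerability information
Vulnerability name: ChatPlayground.ai cross-site scripting and information disclosure vulnerability
Vulnerability ID: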
- CVE: CVE-2025-51858
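Vulnerability type: Cross-site scripting
Severity: High
Description: ChatPlayground.ai is a popular web application for comparing AI models. A cross-site scripting (XSS) vulnerability exists in the application's chat component and can lead to JWT token theft and remote account hijacking. In addition, the /api/chat-history endpoint has weak access control (IDOR). An attacker can exploit this IDOR to access a victim's chat history, even after the JWT token has expired, leading to private data leakage.
Affected product: ChatPlayground.ai is a widely used platform for comparing different AI models. It is a web application, typically deployed on cloud servers and used online. Its functionality and ease of use have attracted a large number of users, particularly in AI research and development.
Explanation: The vulnerability involves two security issues. The first is a cross-site scripting (XSS) vulnerability in the chat component that allows an attacker to execute arbitrary JavaScript code by embedding a malicious SVG XSS payload. This is a self-XSS vulnerability; by executing JavaScript code the attacker can obtain the victim's JWT token and then hijack the account. The second is an IDOR vulnerability: the API endpoint /api/chat-history relies only on the username field in the request for authorization, so an attacker can bypass access control and keep accessing the victim's chat history.
Impact analysis: This vulnerability threatens all ChatPlayground.ai users. An attacker can use the XSS vulnerability to obtain a victim's JWT token and hijack the account remotely. In addition, by exploiting the IDOR vulnerability the attacker can still access the victim's chat history after the JWT token expires, causing persistent leakage of private data. The vulnerability can be exploited without authentication and the attack can be automated, which greatly increases the security risk.
Vendor: ChatPlayground.ai
Product name: ChatPlayground.ai
Source: https://github.com/Secsys-FDU/CVE-2025-51858
Type: CVE-2025:github search
Repository files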
- README.md
- figure1.png
- figure2.png
Source overview
CVE-2025-51858
Vulnerability description
ChatPlayground.ai is a popular web application for comparing AI models. A Cross-Site Scripting (XSS) vulnerability exists in the chat component. This can lead to JWT token theft and remote account hijacking. Additionally, the /api/chat-history endpoint exhibits weak access control (IDOR). An attacker can exploit this IDOR to access the victim’s chat history using the username from the JWT token, leading to private data leakage even after the JWT token expires.
Attack Vectors
A Cross-Site Scripting (XSS) vulnerability exists in the chat component (https://www.chatplayground.ai/chat/) of ChatPlayground.ai, a popular platform for comparing AI models. Victims can be attacked by copying and pasting malicious text into the chat component.
An attacker can execute arbitrary JavaScript code by embedding an SVG XSS payload within the malicious text. This is a self-XSS vulnerability. By executing JavaScript code, the attacker can obtain the victim’s JWT token (used to identify the user’s login status), leading to remote account hijacking. Figure 1 shows the UI rendering after the user inputs the self-XSS payload; it leaks the user’s JWT token.
Furthermore, the victim’s JWT token contains the username encoded in Base64. The API endpoint for retrieving user history (https://www.chatplayground.ai/api/chat-history) on ChatPlayground.ai exhibits weak access control. This API relies solely on the username field in the request for authorization, leading to an insecure direct object reference (IDOR) or broken access control vulnerability. After the initial XSS attack, an attacker can extract the victim’s username and continue to access the victim’s chat history using this username even after the JWT token has expired. This allows for the persistent leakage of the victim’s private data. Figure 2 shows the PoC of the IDOR vulnerability of chatplayground.ai, which leaks the victim’s chat history to the attacker.
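The access-control flaw described above, as an added example that is not code from ChatPlayground.ai or from the advisory: a handler that trusts the username in the request, next to one that takes identity only from a verified, unexpired token. The HS256 signing, the `username` and `exp` claim names, the secret, the function names and the sample data are assumptions constructed for this illustration.

```javascript
const crypto = require('crypto');

const SECRET = 'constructed-demo-secret'; // constructed value, not a real key
const HISTORY = new Map([['alice', ['alice chat 1']], ['bob', ['bob chat 1']]]); // constructed data

const b64u = (v) => Buffer.from(v).toString('base64url');
const hmac = (data) => crypto.createHmac('sha256', SECRET).update(data).digest();

// Builds sample tokens (HS256 is an assumption; the page does not name the algorithm).
function signToken(claims) {
  const body = `${b64u(JSON.stringify({ alg: 'HS256', typ: 'JWT' }))}.${b64u(JSON.stringify(claims))}`;
  return `${body}.${hmac(body).toString('base64url')}`;
}

// Returns the verified claims, or null if the signature is bad or the token has expired.
function verifyToken(token, nowSec) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const given = Buffer.from(parts[2], 'base64url');
  const expected = hmac(`${parts[0]}.${parts[1]}`);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(parts[0], 'base64url').toString());
    claims = JSON.parse(Buffer.from(parts[1], 'base64url').toString());
  } catch { return null; }
  if (header.alg !== 'HS256') return null;
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec) return null;
  return typeof claims.username === 'string' ? claims : null;
}

// Weak form described above: the username in the request decides whose history is returned.
function chatHistoryWeak(req) {
  return { status: 200, body: HISTORY.get(req.body.username) || [] };
}

// Hardened form: identity comes only from a verified, unexpired token.
function chatHistoryHardened(req, nowSec = Math.floor(Date.now() / 1000)) {
  const claims = verifyToken(req.token, nowSec);
  if (!claims) return { status: 401, body: [] };
  // A client-supplied username that disagrees with the token is rejected, never trusted.
  if (req.body.username && req.body.username !== claims.username) return { status: 403, body: [] };
  return { status: 200, body: HISTORY.get(claims.username) || [] };
}
```

With the hardened handler, knowing a username is no longer enough: an expired or altered token yields 401, and a request naming another user yields 403.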
Vulnerability impact
This vulnerability can have an impact on any user of https://www.chatplayground.ai. There will be persistent leakage of the user’s private data, i.e. the private information in chat history.