Medium CVSS 6.5

Overview

A reflected cross-site scripting (XSS) vulnerability exists in AIBOX LLM chat (chat.aibox365.cn) through 2025-05-27. Attacker-controlled input is reflected into a page without encoding, so script delivered via a crafted link executes in the victim's origin; because the session JWT is reachable from page script, the injected code can steal it and the attacker can use the token to hijack the account.

Risk analysis

This vulnerability is rated 🟡 MEDIUM.

  • CVSS: 6.5 (MEDIUM)
  • Detected tags: jwt, xss (tag impact: MODERATE)

Recommended actions:

  • Keep JWT lifetimes short and support server-side revocation, and rotate the signing secret if compromise is suspected. Signing-algorithm choice (HS256/RS256) only limits forgery; it does nothing to stop a valid token from being stolen, so it does not mitigate this issue by itself.
  • Apply context-aware output encoding to every reflected value; HTML body, attribute, JavaScript and URL contexts each need their own encoder.
  • Store the session JWT in an HttpOnly, Secure, SameSite cookie rather than in localStorage or a script-readable cookie, and deploy a Content-Security-Policy that disallows inline script. Caveat: HttpOnly prevents exfiltration of the token, but script already running in the page can still issue authenticated requests on the victim's behalf while the page is open, so encoding and CSP remain the primary fix.
