This is an informational plugin to inform the user that the scanner has detected a publicly accessible 'llms.txt' file on the target application. The 'llms.txt' file is a proposal designed to provide LLM-friendly content written in markdown for LLMs usage. This detection is included in the AI and LLM category.

This is an informational notice that the scanner was able to detect a Model Context Protocol (MCP) server available without authentication on the target server. When available, the plugin provides the list of tools, prompts and resources in the attachments.

This is an informational plugin to inform the user that the scanner has detected a publicly accessible Drift chatbot on the target application. Drift is a solution to build & deploy AI customer experiences. This detection is included in the AI and LLM category.

This is an informational plugin to inform the user that the scanner has detected a publicly accessible Intercom chatbot on the target application. Intercom is a solution to build & deploy AI customer experiences. This detection is included in the AI and LLM category.

This is an informational plugin to inform the user that the scanner has detected a publicly accessible Livechat chatbot on the target application. Livechat is a solution to build & deploy AI customer experiences. This detection is included in the AI and LLM category.

This is an informational plugin to inform the user that the scanner has detected a publicly accessible Dialogflow chatbot on the target application. Google Dialogflow is a natural language understanding platform to help developers building conversational user interfaces. This detection is included in the AI and LLM category.

This is an informational plugin to inform the user that the scanner has detected a publicly accessible Typebot chatbot on the target application. Typebot is an open-source chatbot builder. This detection is included in the AI and LLM category.

This is an informational plugin to inform the user that the scanner has detected a publicly accessible Azure Bot Framework chatbot on the target application. Azure Bot Framework is a solution to build & deploy AI customer experiences. This detection is included in the AI and LLM category.

This is an informational plugin to inform the user that the scanner has detected a publicly accessible Voiceflow chatbot on the target application. Voiceflow is a solution to build & deploy AI customer experiences. This detection is included in the AI and LLM category.

This is an informational plugin to inform the user that the scanner has detected a publicly accessible Botpress chatbot on the target application. Botpress is an open-source visual framework to build & deploy GPT/LLM Agents. This detection is included in the AI and LLM category.

This is an informational plugin to inform the user that the scanner has detected a publicly accessible Langflow chatbot on the target application. Langflow is an open-source visual framework for building multi-agent and RAG. This detection is included in the AI and LLM category.

Label Studio versions prior to 1.18.0 are vulnerable to a Reflected Cross-Site Scripting on '/projects/upload-example/' endpoint. This detection is included in the AI and LLM category.

This is an informational notice that the scanner was able to detect an MCP (Model Context Procol) Inspector instance on the target server.

This is an informational notice that the scanner was able to detect an MCP (Model Context Procol) manifest on the target server.

This is an informational notice that the scanner was able to detect an Agent2Agent (A2A) card on the target server.

This is an informational notice that the scanner was able to detect a Model Context Protocol (MCP) server on the target server.

Langflow is vulnerable to an attack allowing an unauthenticated attacker to execute arbitrary code via a specially forged request on the '/api/v1/validate/code' endpoint. This detection is included in the AI and LLM category.

Flowise is vulnerable to an attack allowing an unauthenticated attacker to upload an arbitrary file. This detection is included in the AI and LLM category.

Note that this plugin requires the 'File Upload' assessment option enabled in the scan configuration.

LiteLLM applies an authentication system with credentials that could have been suggested from the documentation. If these credentials are not modified, an attacker could access LiteLLM's interface and perform arbitrary actions. This detection is included in the AI and LLM category.

According to its self-reported version, the instance of LiteLLM running on the remote web server is prior to 1.48.18. It is, therefore, affected by a Server-Side Request Forgery vulnerability in the chat completion.

Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.

This is an informational plugin to inform the user that the scanner has detected a publicly accessible LiteLLM instance on the target application. LiteLLM is a LLM Gateway to provide model access in the OpenAI format. This detection is included in the AI and LLM category.

According to the self-reported version in its response header, the version of LobeChat hosted on the remote web server is prior to 0.122.4. It is, therefore, affected by an Improper Access Control allowing access plugins without proper authorization.

Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.

According to the self-reported version in its response header, the version of LobeChat hosted on the remote web server is prior to 0.150.6. It is, therefore, affected by a Server-Side Request Forgery through agent proxy configuration.

Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.

According to the self-reported version in its response header, the version of LobeChat hosted on the remote web server is prior to 0.162.25. It is, therefore, affected by a Sensitive Data Exposure through SSO/Access Code.

Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.

According to the self-reported version in its response header, the version of LobeChat hosted on the remote web server is prior to 1.19.13. It is, therefore, affected by multiples Server-Side Request Forgery :

 - A Server-Side Request Forgery through proxy address

 - A Server-Side Request Forgery through through a bypass of a previous fix

Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.

This is an informational plugin to inform the user that the scanner has detected a publicly accessible LobeChat instance on the target application. LobeChat is an open-source, AI chat framework that supports multi AI providers. This detection is included in the AI and LLM category.

Danswer version prior to 0.10.0-beta.1 suffers from an Insecure Direct Object Reference allowing an unauthenticated attacker to access messages and attached files via a specially forged request. This detection is included in the AI and LLM category.

Gradio before version 4.37.1 suffer from an open redirect vulnerability, allowing an attacker to craft a link and try redirecting target applications users to a malicious server. This detection is included in the AI and LLM category.

Flowise versions prior to 2.0.6 are vulnerable to an authentication bypass allowing a remote and unauthenticated attacker to perform administrative actions through the REST API.

Gradio version 4.3 prior to 4.13 are vulnerable to an unauthenticated Local file read by calling arbitrary methods of Components class. This detection is included in the AI and LLM category.

By default, Gradio does not require authentication to access the application. This allows an attacker to access sensitive data. This detection is included in the AI and LLM category.

This is an informational plugin to inform the user that the scanner has detected a publicly accessible Gradio instance on the target application. Gradio is a software to build machine learning apps in Python. This detection is included in the AI and LLM category.

By default, Danswer does not require authentication to access the application. This allows an attacker to perform arbitrary modifications on experiments or models in the web interface. This detection is included in the AI and LLM category.

This is an informational plugin to inform the user that the scanner has detected a publicly accessible Danswer instance on the target application. Danswer is the AI Assistant connected to your company's docs, apps, and people. This detection is included in the AI and LLM category.

This is an informational plugin to inform the user that the scanner has detected a publicly accessible Dify instance on the target application. Dify is an open-source LLM app development platform. This detection is included in the AI and LLM category.

AnythingLLM suffers from an information disclosure vulnerability through the `/api/setup-complete` API endpoint. By accessing this endpoint, a remote and unauthenticated attacker can access sensitive configuration of the target AnythingLLM instance. This detection is included in the AI and LLM category.

This is an informational plugin to inform the user that the scanner has detected a publicly accessible ChatGPT-web instance. ChatGPT-web is a simple one-page web interface to the OpenAI ChatGPT API. This detection is included in the AI and LLM category.

This is an informational plugin to inform the user that the scanner has detected a publicly accessible H2O Flow instance on the target application. H2O Flow is an open-source user interface for H2O, an open-source, distributed and scalable machine learning and predictive analytics platform. This detection is included in the AI and LLM category.

This is an informational plugin to inform the user that the scanner has detected the presence of a manifest used by ChatGPT plugins on the target application. This detection is included in the AI and LLM category.

This is an informational plugin to inform the user that the scanner has detected a publicly accessible Ray instance on the target application. Ray is an open-source framework to build and scale Machine Learning (ML) and Python applications. This detection is included in the AI and LLM category.

This is an informational plugin to inform the user that the scanner has detected a publicly accessible ZenML instance on the target application. ZenML is an open-source framework dedicated to MLOps abstracting the underlying infrastructure. This detection is included in the AI and LLM category.

By default, Ollama does not require authentication to access the application. This allows an attacker to perform arbitrary modifications on experiments or models in the web interface. This detection is included in the AI and LLM category.

This is an informational plugin to inform the user that the scanner has detected a publicly accessible Ollama instance on the target application. Ollama is an open-source application to quickly set up various LLMs. This detection is included in the AI and LLM category.

By default, MLflow does not require authentication to access the application. This allows an attacker to perform arbitrary modifications on experiments or models in the web interface. This detection is included in the AI and LLM category.

By default, MLflow does not require authentication to access the application. When enabling authentication, MLflow will enforce a basic authentication with default credentials. If not updated, a remote and unauthenticated attacker could access the MLflow UI and peform arbitrary actions on it. This detection is included in the AI and LLM category.

This is an informational plugin to inform the user that the scanner has detected the usage of the ChatGPT.JS client-side library on the target application. This detection is included in the AI and LLM category.

By default, Langflow does not require authentication to access the application. This allows an attacker to access sensitive data such as global variables, projects already created and the secrets they expose. This detection is included in the AI and LLM category.

This is an informational plugin to inform the user that the scanner has detected a publicly accessible Langflow instance on the target application. Langflow is an open-source visual framework for building multi-agent and RAG. This detection is included in the AI and LLM category.

NextChat (formerly ChatGPT-Next-Web) versions prior to 2.12.4 are vulnerable to Server-Side Request Forgery (SSRF) and Cross-Site Scripting attacks, allowing remote and unauthenticated attacker to make the vulnerable instance issue arbitrary requests on both external or internal assets through the '/api/webdav' endpoint or to execute JavaScript in the application users browsers context. This detection is included in the AI and LLM category.

By default, Flowise does not require authentication to access the application. This allows an attacker to access sensitive data such as private documents, API keys, variables, but also allows you to modify existing Chatflows and Agentflows. This detection is included in the AI and LLM category.

ID	Name	Severity
114883	Llms.txt File Detected	info
114791	MCP Server Unauthenticated Access	info
114881	Drift Chatbot Detected	info
114880	Intercom Chatbot Detected	info
114879	Livechat Chatbot Detected	info
114878	Dialogflow Chatbot Detected	info
114874	Typebot Chatbot Detected	info
114873	Azure Bot Framework Chatbot Detected	info
114872	Voiceflow Chatbot Detected	info
114871	Botpress Chatbot Detected	info
114870	Langflow Chatbot Detected	info
114798	Label Studio < 1.18.0 Reflected Cross-Site Scripting	high
114797	MCP Inspector Detected	info
114793	MCP Manifest Detected	info
114792	Agent2Agent (A2A) Card Detected	info
114790	MCP Server Detected	info
114668	Langflow < 1.3.0 Unauthenticated Remote Code Execution	high
114667	FlowiseAI Arbitrary File Upload	critical
114625	LiteLLM Default Credentials	critical
114623	LiteLLM < 1.48.18 Server-Side Request Forgery	high
114622	LiteLLM Detected	info
114589	LobeChat < 0.122.4 Improper Access Control	medium
114588	LobeChat < 0.150.6 Server-Side Request Forgery	critical
114587	LobeChat < 0.162.25 Sensitive Data Exposure	medium
114586	LobeChat < 1.19.13 Server-Side Request Forgery	high
114585	LobeChat Detected	info
114467	Danswer < 0.10.0-beta.1 Insecure Direct Object Reference	medium
114459	Gradio < 4.37.1 Open Redirect	medium
114413	Flowise < 2.0.6 Authentication Bypass	high
114409	Gradio 4.3 < 4.13 Local File Read	high
114408	Gradio Unauthenticated Access	critical
114407	Gradio Detected	info
114393	Danswer Unauthenticated Access	critical
114392	Danswer Detected	info
114391	Dify Detected	info
114390	AnythingLLM API Sensitive Information Disclosure	high
114389	ChatGPT-web Detected	info
114367	H2O Flow Detected	info
114362	ChatGPT Plugin Manifest Detected	info
114361	Ray Detected	info
114359	ZenML Detected	info
114328	Ollama Unauthenticated Access	critical
114327	Ollama Detected	info
114324	MLflow Unauthenticated Access	critical
114323	MLflow Default Credentials	critical
114321	Chatgpt.js Detected	info
114320	Langflow Unauthenticated Access	critical
114319	Langflow Detected	info
114326	NextChat < 2.12.4 Server-Side Request Forgery	high
114318	Flowise Unauthenticated Access	critical

Detections

Analytics

Artificial Intelligence Family for Web App Scanning

info

info

info

info

info

info

info

info

info

info

info

high

info

info

info

info

high

critical

critical

high

info

medium

critical

medium

high

info

medium

medium

high

high

critical

info

critical

info

info

high

info

info

info

info

info

critical

info

critical

critical

info

critical

info

high

critical