ghtwf01

Results 3 issues of ghtwf01

First, go to the registration page and set the nickname to arbitrary JavaScript code; here I use alert(document.cookie) as an example to get the cookie. The real exploitation is to send the contents of document.cookie via an HTTP request to the attacker's remote server to be saved. Because the cookie contains the username and password, when the XSS attack succeeds the attacker also obtains the user's/administrator's account and password.

### Description

![Context 1](https://github.com/modelscope/modelscope-agent/assets/56472384/a1b21f26-04d7-420a-a3b2-a5085300f243)
![Context 2](https://github.com/modelscope/modelscope-agent/assets/56472384/32d72c12-b2b1-41e4-96d2-09df559cc72f)
![Context 3](https://github.com/modelscope/modelscope-agent/assets/56472384/9d99a4fa-1ba3-40b3-b43e-e549197cf236)

### Link

_No response_

sft

The docker yml file is configured as follows:

```
services:
  chromadb:
    image: chromadb/chroma
    ports:
      - "8000:8000"
    restart: always
    volumes:
      - chromadb_data:/chroma/.chroma/index
  chatollama:
    environment:
      - VECTOR_STORE=milvus
      - MILVUS_URL=http://host.docker.internal:19530
      - CHROMADB_URL=http://chromadb:8000
      - DATABASE_URL=file:/app/sqlite/chatollama.sqlite
      - REDIS_HOST=redis
      - COHERE_API_KEY=xxxxx
      -...
```