Update LLM05_ImproperOutputHandling.md (#451)

kenhuangus · web-flow · commit d63569a93c70 · 2024-10-28T09:37:32.000-04:00
change insecure to improper inside the main body of text in addition.

Signed-off-by: DistributedApps.AI &lt;kenhuangus@users.noreply.github.com&gt;
diff --git a/2_0_vulns/LLM05_ImproperOutputHandling.md b/2_0_vulns/LLM05_ImproperOutputHandling.md
@@ -1,9 +1,9 @@
-## LLM05:2025 Insecure Output Handling
+## LLM05:2025 Improper Output Handling
 
 ### Description
-Insecure Output Handling refers specifically to insufficient validation, sanitization, and handling of the outputs generated by large language models before they are passed downstream to other components and systems. Since LLM-generated content can be controlled by prompt input, this behavior is similar to providing users indirect access to additional functionality.
-Insecure Output Handling differs from Overreliance in that it deals with LLM-generated outputs before they are passed downstream whereas Overreliance focuses on broader concerns around overdependence on the accuracy and appropriateness of LLM outputs.
-Successful exploitation of an Insecure Output Handling vulnerability can result in XSS and CSRF in web browsers as well as SSRF, privilege escalation, or remote code execution on backend systems.
+Improper Output Handling refers specifically to insufficient validation, sanitization, and handling of the outputs generated by large language models before they are passed downstream to other components and systems. Since LLM-generated content can be controlled by prompt input, this behavior is similar to providing users indirect access to additional functionality.
+Improper Output Handling differs from Overreliance in that it deals with LLM-generated outputs before they are passed downstream whereas Overreliance focuses on broader concerns around overdependence on the accuracy and appropriateness of LLM outputs.
+Successful exploitation of an Improper Output Handling vulnerability can result in XSS and CSRF in web browsers as well as SSRF, privilege escalation, or remote code execution on backend systems.
 The following conditions can increase the impact of this vulnerability:
 - The application grants the LLM privileges beyond what is intended for end users, enabling escalation of privileges or remote code execution.
 - The application is vulnerable to indirect prompt injection attacks, which could allow an attacker to gain privileged access to a target user's environment.
