Lucene search

CVE-2024-2299

🗓️ 14 May 2024 15:47:18Reported by @huntr_aiType

A stored XSS vulnerability exists in parisneo/lollms-webui due to improper validation of uploaded files in the profile picture upload functionality, allowing remote attackers to execute malicious JavaScript code

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 4
Vulnrichment	CVE-2024-2299 Stored Cross-Site Scripting (XSS) via Profile Picture Upload in parisneo/lollms-webui	12 May 202420:27	–	vulnrichment
Cvelist	CVE-2024-2299 Stored Cross-Site Scripting (XSS) via Profile Picture Upload in parisneo/lollms-webui	12 May 202420:27	–	cvelist
CNVD	LoLLMs Cross-Site Scripting Vulnerability	30 May 202400:00	–	cnvd
NVD	CVE-2024-2299	14 May 202415:18	–	nvd

[
  {
    "vendor": "parisneo",
    "product": "parisneo/lollms-webui",
    "versions": [
      {
        "version": "unspecified",
        "status": "affected",
        "versionType": "custom",
        "lessThanOrEqual": "latest"
      }
    ]
  }
]

Source	Link
huntr	www.huntr.com/bounties/f1adaac0-b9ed-4093-a0f3-2d0a4ecba398

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

14 May 2024 15:18Current

5.5Medium risk

Vulners AI Score5.5

CVSS37.4

EPSS0.00378

SSVC

CWE-79