SUSE CVE-2025-3801

A vulnerability was found in songquanpeng one-api up to 0.6.10. It has been classified as problematic. This affects an unknown part of the component System Setting Handler. The manipulation of the argument Homepage Content/About System/Footer leads to cross site scripting. It is possible to...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS through the manipulation of the Homepage Content argument in the system setting handler. An attacker can alter the display of web pages or redirect users to malicious websites by injecting arbitrary web script o...

CVE-2025-3801

A vulnerability was found in songquanpeng one-api up to 0.6.10. It has been classified as problematic. This affects an unknown part of the component System Setting Handler. The manipulation of the argument Homepage Content/About System/Footer leads to cross site scripting. It is possible to...

One API 代码注入漏洞

One API is an LLM API management and distribution system for JustSong individual developers. A code injection vulnerability exists in One API version 0.6.10 and earlier, which stems from a cross-site scripting attack caused by the operation of the Homepage Content parameter in the System Settings...