Lucene search
K

519 matches found

NVD
NVD
added 2025/03/20 10:15 a.m.6 views

CVE-2024-7044

A Stored Cross-Site Scripting XSS vulnerability exists in the chat file upload functionality of open-webui/open-webui version 0.3.8. An attacker can inject malicious content into a file, which, when accessed by a victim through a URL or shared chat, executes JavaScript in the victim's browser. Th...

8.9CVSS0.00477EPSS
Exploits1References1
NVD
NVD
added 2025/03/20 10:15 a.m.11 views

CVE-2024-12760

Rejected reason: REJECT DO NOT USE THIS CVE ID NUMBER. The Rejected CVE Record is a duplicate of CVE-2024-4940. Notes: All CVE users should reference CVE-2024-4940 instead of this CVE Record. All references and descriptions in this candidate have been removed to prevent accidental usage...

Exploits0
NVD
NVD
added 2025/03/20 10:15 a.m.10 views

CVE-2024-10908

An open redirect vulnerability in lm-sys/fastchat Release v0.2.36 allows a remote unauthenticated attacker to redirect users to arbitrary websites via a specially crafted URL. This can be exploited for phishing attacks, malware distribution, and credential theft...

6.1CVSS0.0077EPSS
Exploits1References1
OSV
OSV
added 2025/03/20 10:15 a.m.2 views

CVE-2024-10908

An open redirect vulnerability in lm-sys/fastchat Release v0.2.36 allows a remote unauthenticated attacker to redirect users to arbitrary websites via a specially crafted URL. This can be exploited for phishing attacks, malware distribution, and credential theft...

6.1CVSS5.9AI score0.0077EPSS
Exploits1References1
NVD
NVD
added 2025/03/20 10:15 a.m.12 views

CVE-2024-10812

An open redirect vulnerability exists in binary-husky/gptacademic version 3.83. The vulnerability occurs when a user is redirected to a URL specified by user-controlled input in the 'file' parameter without proper validation or sanitization. This can be exploited by attackers to conduct phishing...

6.1CVSS0.00574EPSS
Exploits1References1
NVD
NVD
added 2025/03/20 10:15 a.m.9 views

CVE-2024-10720

A stored cross-site scripting XSS vulnerability exists in phpipam/phpipam version 1.5.2. The vulnerability occurs in the 'Device Management' section under 'Administration' where an attacker can inject malicious scripts into the 'Name' and 'Description' fields when adding a new device type. This c...

8.2CVSS0.00363EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/03/20 10:10 a.m.12 views

CVE-2024-9308 Open Redirect in haotian-liu/llava

An open redirect vulnerability in haotian-liu/llava version v1.2.0 LLaVA-1.6 allows a remote unauthenticated attacker to redirect users to arbitrary websites via a specially crafted URL. This can be exploited for phishing attacks, malware distribution, and credential theft...

6.1CVSS0.00489EPSS
Exploits1References1
CVE
CVE
added 2025/03/20 10:10 a.m.46 views

CVE-2024-9308

The CVE-2024-9308 entry concerns an open redirect in haotian-liu/llava v1.2.0 (LLaVA-1.6). The vulnerability stems from an open redirect that allows a remote, unauthenticated attacker to redirect users to arbitrary websites via a specially crafted URL. Documented impact mentions phishing, malware...

6.1CVSS7.1AI score0.00489EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2025/03/20 10:10 a.m.6 views

CVE-2024-10720 Stored Cross-site Scripting (XSS) in phpipam/phpipam

A stored cross-site scripting XSS vulnerability exists in phpipam/phpipam version 1.5.2. The vulnerability occurs in the 'Device Management' section under 'Administration' where an attacker can inject malicious scripts into the 'Name' and 'Description' fields when adding a new device type. This c...

8.2CVSS5.8AI score0.00363EPSS
Exploits1References4
CVE
CVE
added 2025/03/20 10:10 a.m.59 views

CVE-2024-10720

A stored XSS vulnerability affects phpIPAM 1.5.2 in the Device Management section (Administration → Device Management) where attacker-supplied data in Name/Description can inject scripts. The underlying issue is unfiltered/untescaped input in that area. Consequences listed include data theft, acc...

8.2CVSS7.1AI score0.00363EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2025/03/20 10:10 a.m.12 views

CVE-2024-10720 Stored Cross-site Scripting (XSS) in phpipam/phpipam

A stored cross-site scripting XSS vulnerability exists in phpipam/phpipam version 1.5.2. The vulnerability occurs in the 'Device Management' section under 'Administration' where an attacker can inject malicious scripts into the 'Name' and 'Description' fields when adding a new device type. This c...

8.2CVSS0.00363EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/03/20 10:10 a.m.13 views

CVE-2024-10722 Stored Cross-site Scripting (XSS) in phpipam/phpipam

A stored cross-site scripting XSS vulnerability exists in phpipam/phpipam version 1.5.2. The vulnerability allows attackers to inject malicious scripts into the 'Description' field of custom fields in the 'IP RELATED MANAGEMENT' section. This can lead to data theft, account compromise, distributi...

3.5CVSS0.00315EPSS
Exploits1References2
OSV
OSV
added 2025/03/20 10:10 a.m.6 views

CVE-2024-10722 Stored Cross-site Scripting (XSS) in phpipam/phpipam

A stored cross-site scripting XSS vulnerability exists in phpipam/phpipam version 1.5.2. The vulnerability allows attackers to inject malicious scripts into the 'Description' field of custom fields in the 'IP RELATED MANAGEMENT' section. This can lead to data theft, account compromise, distributi...

3.5CVSS5.8AI score0.00315EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/03/20 10:10 a.m.6 views

CVE-2024-7044 Stored XSS in open-webui/open-webui

A Stored Cross-Site Scripting XSS vulnerability exists in the chat file upload functionality of open-webui/open-webui version 0.3.8. An attacker can inject malicious content into a file, which, when accessed by a victim through a URL or shared chat, executes JavaScript in the victim's browser. Th...

6.8CVSS5.9AI score0.00477EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/03/20 10:10 a.m.16 views

CVE-2024-7044 Stored XSS in open-webui/open-webui

A Stored Cross-Site Scripting XSS vulnerability exists in the chat file upload functionality of open-webui/open-webui version 0.3.8. An attacker can inject malicious content into a file, which, when accessed by a victim through a URL or shared chat, executes JavaScript in the victim's browser. Th...

6.8CVSS0.00477EPSS
Exploits1References1
CVE
CVE
added 2025/03/20 10:10 a.m.49 views

CVE-2024-7044

Open WebUI vulnerable to Stored XSS (CVE-2024-7044) in open-webui/open-webui v0.3.8 via chat file upload. An attacker can inject malicious content into a file that, when accessed by a victim (via URL or shared chat), executes JavaScript in the browser, enabling user data theft, session hijacking,...

8.9CVSS5.9AI score0.00477EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2025/03/20 10:9 a.m.9 views

CVE-2024-10908 Open Redirect in lm-sys/fastchat

An open redirect vulnerability in lm-sys/fastchat Release v0.2.36 allows a remote unauthenticated attacker to redirect users to arbitrary websites via a specially crafted URL. This can be exploited for phishing attacks, malware distribution, and credential theft...

6.1CVSS0.0077EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/03/20 10:9 a.m.5 views

CVE-2024-10908 Open Redirect in lm-sys/fastchat

An open redirect vulnerability in lm-sys/fastchat Release v0.2.36 allows a remote unauthenticated attacker to redirect users to arbitrary websites via a specially crafted URL. This can be exploited for phishing attacks, malware distribution, and credential theft...

6.1CVSS6.3AI score0.0077EPSS
Exploits1References1
CVE
CVE
added 2025/03/20 10:9 a.m.72 views

CVE-2024-10908

The CVE-2024-10908 entry describes an open redirect vulnerability in lm-sys/fastchat release 0.2.36. The issue allows remote, unauthenticated attackers to redirect users to arbitrary URLs, enabling phishing, malware distribution, and credential theft. Affected component: lm-sys/fastchat, version ...

6.1CVSS6.3AI score0.0077EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2025/03/20 10:9 a.m.11 views

CVE-2024-12760

...

Exploits0
Rows per page
Query Builder