Lucene search
K

6 matches found

OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-401 parisneo/lollms vulnerable to stored XSS in the social feature

A Stored Cross-Site Scripting XSS vulnerability was identified in the social feature of parisneo/lollms, affecting the latest version prior to 2.2.0. The vulnerability exists in the createpost function within backend/routers/social/init.py, where user-provided content is directly assigned to the...

9.6CVSS7.3AI score0.00405EPSS
Exploits1References6
OSV
OSV
added 2026/04/10 9:31 a.m.23 views

GHSA-8WRQ-FV5F-PFP2 parisneo/lollms vulnerable to stored XSS in the social feature

A Stored Cross-Site Scripting XSS vulnerability was identified in the social feature of parisneo/lollms, affecting the latest version prior to 2.2.0. The vulnerability exists in the createpost function within backend/routers/social/init.py, where user-provided content is directly assigned to the...

9.6CVSS5.8AI score0.00405EPSS
Exploits1References4
EUVD
EUVD
added 2026/04/10 9:31 a.m.7 views

EUVD-2026-21320

A Stored Cross-Site Scripting XSS vulnerability was identified in the social feature of parisneo/lollms, affecting the latest version prior to 2.2.0. The vulnerability exists in the createpost function within backend/routers/social/init.py, where user-provided content is directly assigned to the...

9.6CVSS7.3AI score0.00405EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/04/10 9:31 a.m.12 views

parisneo/lollms vulnerable to stored XSS in the social feature

A Stored Cross-Site Scripting XSS vulnerability was identified in the social feature of parisneo/lollms, affecting the latest version prior to 2.2.0. The vulnerability exists in the createpost function within backend/routers/social/init.py, where user-provided content is directly assigned to the...

9.6CVSS5.8AI score0.00405EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2026/04/10 7:16 a.m.5 views

CVE-2026-1115

A Stored Cross-Site Scripting XSS vulnerability was identified in the social feature of parisneo/lollms, affecting the latest version prior to 2.2.0. The vulnerability exists in the createpost function within backend/routers/social/init.py, where user-provided content is directly assigned to the...

9.6CVSS0.00405EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/04/10 6:23 a.m.32 views

CVE-2026-1115 Stored XSS in parisneo/lollms

A Stored Cross-Site Scripting XSS vulnerability was identified in the social feature of parisneo/lollms, affecting the latest version prior to 2.2.0. The vulnerability exists in the createpost function within backend/routers/social/init.py, where user-provided content is directly assigned to the...

9.6CVSS0.00405EPSS
Exploits1References2
Rows per page
Query Builder