6 matches found
CVE-2025-30210
Bruno is an open source IDE for exploring and testing APIs. Prior to 1.39.1, the custom tool-tip components, which internally use react-tooltip, were setting the content (in this case, the Environment name) as raw HTML, which then gets injected into the DOM on hover. This, combined with loose Content...
CVE-2025-30210
CVE-2025-30210 affects Bruno (open source IDE for APIs). Prior to version 1.39.1, Bruno’s custom tooltip components used react-tooltip to render environment names as raw HTML, allowing injection of inline scripts into the DOM when a user hovers the environment name. The attack surface is limited ...
CVE-2025-30210 Bruno XSS On Environment Name
Bruno is an open source IDE for exploring and testing APIs. Prior to 1.39.1, the custom tool-tip components, which internally use react-tooltip, were setting the content (in this case, the Environment name) as raw HTML, which then gets injected into the DOM on hover. This, combined with loose Content...
CVE-2025-30210 Bruno XSS On Environment Name
Bruno is an open source IDE for exploring and testing APIs. Prior to 1.39.1, the custom tool-tip components, which internally use react-tooltip, were setting the content (in this case, the Environment name) as raw HTML, which then gets injected into the DOM on hover. This, combined with loose Content...
PT-2025-14115 · Unknown +1 · React-Tooltip +1
Name of the Vulnerable Software and Affected Versions: Bruno versions prior to 1.39.1. Description: The issue arises from custom tool-tip components using react-tooltip, which set content as raw HTML and inject it into the DOM on hover. This, combined with loose Content Security Policy restriction...
LoLLMs Code Injection Vulnerability
LoLLMs is a Web UI for a large language multimodal system by the individual developer Saifeddine ALOUI. A code injection vulnerability exists in LoLLMs version 5.9.0, which stems from the presence of a remote code execution vulnerability that allows an attacker to inject arbitrary commands via th...