2 matches found
CVE-2026-1116 Cross-site Scripting (XSS) in parisneo/lollms
A Cross-site Scripting XSS vulnerability was identified in the fromdict method of the AppLollmsMessage class in parisneo/lollms prior to version 2.2.0. The vulnerability arises from the lack of sanitization or HTML encoding of the content field when deserializing user-provided data. This allows a...
PT-2026-32142
A Cross-site Scripting XSS vulnerability was identified in the from dict method of the AppLollmsMessage class in parisneo/lollms prior to version 2.2.0. The vulnerability arises from the lack of sanitization or HTML encoding of the content field when deserializing user-provided data. This allows ...