3 matches found
Missing Critical Step in Authentication
Overview lollms is a python library for AI personality definition Affected versions of this package are vulnerable to Missing Critical Step in Authentication due to a missing checkaccess call in the installbinding function. An attacker can add, modify, and remove bindings by accessing the...
Arbitrary Command Injection
Overview lollms is a python library for AI personality definition Affected versions of this package are vulnerable to Arbitrary Command Injection in the calculate function, which uses the eval function without sufficient protection. An attacker can execute commands on the server by injecting...
Cross-site Scripting (XSS)
Overview lollms is a python library for AI personality definition Affected versions of this package are vulnerable to Cross-site Scripting XSS via the sanitizesvg function. Details Cross-site scripting or XSS is a code vulnerability that occurs when an attacker “injects” a malicious script into a...