
4 matches found

RedhatCVE
added 2025/03/22 12:59 p.m. · 14 views

CVE-2024-9920

In version v12 of parisneo/lollms-webui, the 'Send file to AL' function allows uploading files with various extensions, including potentially dangerous ones like .py, .sh, .bat, and more. Attackers can exploit this by uploading files with malicious content and then using the '/openfile' API...

CVSS 8.8 · AI score 7.8 · EPSS 0.01247
Exploits: 1 · References: 1

RedhatCVE
added 2025/03/22 12:56 p.m. · 9 views

CVE-2024-6986

A Cross-site Scripting (XSS) vulnerability exists in the Settings page of parisneo/lollms-webui version 9.8. The vulnerability is due to the improper use of the 'v-html' directive, which inserts the content of the 'fulltemplate' variable directly as HTML. This allows an attacker to execute maliciou...

CVSS 5.5 · AI score 6.1 · EPSS 0.00272
Exploits: 1 · References: 1

RedhatCVE
added 2025/02/05 5:21 a.m. · 6 views

CVE-2024-1522

A Cross-Site Request Forgery (CSRF) vulnerability in the parisneo/lollms-webui project allows remote attackers to execute arbitrary code on a victim's system. The vulnerability stems from the /executecode API endpoint, which does not properly validate requests, enabling an attacker to craft a...

CVSS 8.8 · AI score 9 · EPSS 0.00445
Exploits: 1 · References: 1

Positive Technologies
added 2024/05/12 12:0 a.m. · 4 views

PT-2024-19635 · Unknown · Lollms-Webui

Name of the Vulnerable Software and Affected Versions: lollms-webui (affected versions not specified)

Description: A stored Cross-Site Scripting (XSS) issue exists due to improper validation of uploaded files in the profile picture upload functionality. Attackers can exploit this by uploading malicio...

CVSS 7.4 · AI score 7 · EPSS 0.00366
Exploits: 1 · References: 5