10 matches found
EUVD-2026-34996
A security flaw has been discovered in songquanpeng one-api up to 0.6.11-preview.7. Affected by this issue is the function Redeem of the file model/redemption.go of the component Redemption Code Top-Up Endpoint. The manipulation results in business logic errors. The attack may be launched remotel...
CVE-2026-11465
A security flaw has been discovered in songquanpeng one-api up to 0.6.11-preview.7. Affected by this issue is the function Redeem of the file model/redemption.go of the component Redemption Code Top-Up Endpoint. The manipulation results in business logic errors. The attack may be launched remotel...
PT-2026-47196
Name of the Vulnerable Software and Affected Versions songquanpeng one-api versions prior to 0.6.11-preview.7 Description A business logic error exists in the Redemption Code Top-Up Endpoint. The issue is located within the Redeem function of the model/redemption.go file. This flaw allows for...
CVE-2025-3801
A vulnerability was found in songquanpeng one-api up to 0.6.10. It has been classified as problematic. This affects an unknown part of the component System Setting Handler. The manipulation of the argument Homepage Content/About System/Footer leads to cross site scripting. It is possible to...
one-api Cross-site Scripting vulnerability
A vulnerability was found in songquanpeng one-api up to 0.6.10. It has been classified as problematic. This affects an unknown part of the component System Setting Handler. The manipulation of the argument Homepage Content leads to cross site scripting. It is possible to initiate the attack...
CVE-2025-3801
A vulnerability was found in songquanpeng one-api up to 0.6.10. It has been classified as problematic. This affects an unknown part of the component System Setting Handler. The manipulation of the argument Homepage Content/About System/Footer leads to cross site scripting. It is possible to...
CVE-2025-3801 songquanpeng one-api System Setting cross site scripting
A vulnerability was found in songquanpeng one-api up to 0.6.10. It has been classified as problematic. This affects an unknown part of the component System Setting Handler. The manipulation of the argument Homepage Content/About System/Footer leads to cross site scripting. It is possible to...
CVE-2025-3801
CVE-2025-3801 refers to a cross-site scripting vulnerability in github.com/songquanpeng/one-api up to version 0.6.10. The weakness is in the System Setting Handler where manipulating the arguments Homepage Content/About System/Footer can lead to XSS. The issue is exploitable remotely and, per lin...
CVE-2025-3801 songquanpeng one-api System Setting cross site scripting
A vulnerability was found in songquanpeng one-api up to 0.6.10. It has been classified as problematic. This affects an unknown part of the component System Setting Handler. The manipulation of the argument Homepage Content/About System/Footer leads to cross site scripting. It is possible to...
PT-2025-17378 · Unknown · Songquanpeng One-Api
Name of the Vulnerable Software and Affected Versions: songquanpeng one-api versions up to 0.6.10 Description: A vulnerability was found in the System Setting Handler component, allowing for cross-site scripting through the manipulation of the Homepage Content argument. This issue can be exploite...