CVE-2024-5933

A Cross-site Scripting (XSS) vulnerability exists in the chat functionality of parisneo/lollms-webui in the latest version. This vulnerability allows an attacker to inject malicious scripts via chat messages, which are then executed in the context of the user's browser.
Configurations

Configuration 1 (hide)

cpe:2.3:a:lollms:lollms_webui:-:*:*:*:*:*:*:*

History

19 Aug 2024, 21:07

Type Values Removed Values Added
CPE cpe:2.3:a:lollms:lollms_webui:-:*:*:*:*:*:*:*
References () https://huntr.com/bounties/51a2e370-3b64-45cd-9afc-0e4856ab5517 - () https://huntr.com/bounties/51a2e370-3b64-45cd-9afc-0e4856ab5517 - Exploit
CVSS v2 : unknown
v3 : 6.1
v2 : unknown
v3 : 5.4
First Time Lollms lollms Webui
Lollms
Summary
  • (es) Existe una vulnerabilidad de cross site scripting (XSS) en la funcionalidad de chat de parisneo/lollms-webui en la última versión. Esta vulnerabilidad permite a un atacante inyectar scripts maliciosos a través de mensajes de chat, que luego se ejecutan en el contexto del navegador del usuario.

27 Jun 2024, 19:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-06-27 19:15

Updated : 2024-08-19 21:07


NVD link : CVE-2024-5933

Mitre link : CVE-2024-5933

CVE.ORG link : CVE-2024-5933


JSON object : View

Products Affected

lollms

  • lollms_webui
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')