mudler/localai version v2.21.1 contains a Cross-Site Scripting (XSS) vulnerability in its search functionality. The vulnerability arises due to improper sanitization of user input, allowing the injection and execution of arbitrary JavaScript code. This can lead to the execution of malicious scripts in the context of the victim's browser, potentially compromising user sessions, stealing session cookies, redirecting users to malicious websites, or manipulating the DOM.
References
Configurations
No configuration.
History
20 Mar 2025, 14:15
Type | Values Removed | Values Added |
---|---|---|
References | () https://huntr.com/bounties/b39cd230-db66-471b-89b9-24afaa078e68 - | |
Summary |
|
20 Mar 2025, 10:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-03-20 10:15
Updated : 2025-03-20 14:15
NVD link : CVE-2024-9900
Mitre link : CVE-2024-9900
CVE.ORG link : CVE-2024-9900
JSON object : View
Products Affected
No product.
CWE
CWE-115
Misinterpretation of Input