CVE-2024-1602 in lollms-webuiinfo

Zusammenfassung

von MITRE • 10.04.2024

parisneo/lollms-webui is vulnerable to stored Cross-Site Scripting (XSS) that leads to Remote Code Execution (RCE). The vulnerability arises due to inadequate sanitization and validation of model output data, allowing an attacker to inject malicious JavaScript code. This code can be executed within the user's browser context, enabling the attacker to send a request to the `/execute_code` endpoint and establish a reverse shell to the attacker's host. The issue affects various components of the application, including the handling of user input and model output.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Zuständig

Huntr.dev

Reservieren

18.02.2024

Veröffentlichung

10.04.2024

Moderieren

akzeptiert

Eintrag

VDB-260224

CPE

bereit

EPSS

0.00724

KEV

nein

Aktivitäten

very low

Quellen

Might our Artificial Intelligence support you?

Check our Alexa App!