| Field | Value |
|---|---|
| Title | one api latest XSS |
| Description | One-api latest suffers from a Stored Cross-Site Scripting (XSS) vulnerability in the system settings (other settings), when adding `<img src = 1 onerror = alert(/xss/)>` in the Homepage Content, Footer, or About System field. This vulnerability allows attackers to cheat other users by injecting malicious scripts into web pages viewed by other users. |
| Source | ⚠️ https://github.com/yaowenxiao721/Poc/blob/main/One-API/One-API-poc.md |
| User | yaowenxiao (UID 82929) |
| Submission | 04/09/2025 12:31 (1 Year ago) |
| Moderation | 04/18/2025 16:16 (9 days later) |
| Status | Accepted |
| VulDB entry | 305655 [songquanpeng one-api up to 0.6.10 System Setting Homepage Content/About System/Footer cross site scripting] |
| Points | 15 |