| Title | one api latest XSS |
|---|---|
| Description | One-api latest suffers from a Stored Cross-Site Scripting (XSS) vulnerability in the system settings (other settings), when adding `<img src = 1 onerror = alert(/xss/)>` in the Homepage Content, Footer, and About System fields. This vulnerability allows attackers to cheat other users by injecting malicious scripts into web pages viewed by other users. |
| Source | https://github.com/yaowenxiao721/Poc/blob/main/One-API/One-API-poc.md |
| User | yaowenxiao (UID 82929) |
| Submission | 2025-04-09 12:31 (1 year ago) |
| Moderation | 2025-04-18 16:16 (9 days later) |
| Status | Accepted |
| VulDB entry | 305655 [songquanpeng one-api up to 0.6.10 System Setting Homepage Content/About System/Footer cross-site scripting] |
| Points | 15 |