GHSA-wvcx-j62q-45qw

Опубликовано: 19 апр. 2025

Источник: github

Github: Прошло ревью

CVSS4: 4.8

CVSS3: 2.4

Описание

one-api Cross-site Scripting vulnerability

A vulnerability was found in songquanpeng one-api up to 0.6.10. It has been classified as problematic. This affects an unknown part of the component System Setting Handler. The manipulation of the argument Homepage Content leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Ссылки

Пакеты

Наименование

github.com/songquanpeng/one-api

Затронутые версииВерсия исправления

<= 0.6.10

Отсутствует

EPSS

Процентиль: 15%

0.0005

Низкий

4.8 Medium

CVSS4

2.4 Low

CVSS3

CVE ID

CVE-2025-3801

Дефекты

CWE-79

Связанные уязвимости

CVE-2025-3801

CVSS3: 2.4

nvd

10 месяцев назад

A vulnerability was found in songquanpeng one-api up to 0.6.10. It has been classified as problematic. This affects an unknown part of the component System Setting Handler. The manipulation of the argument Homepage Content/About System/Footer leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

EPSS

Процентиль: 15%

0.0005

Низкий

4.8 Medium

CVSS4

2.4 Low

CVSS3

CVE ID

CVE-2025-3801

Дефекты

CWE-79