Описание
A Cross-site Scripting (XSS) vulnerability exists in the chat functionality of parisneo/lollms-webui in the latest version. This vulnerability allows an attacker to inject malicious scripts via chat messages, which are then executed in the context of the user's browser.
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:lollms:lollms_web_ui:-:*:*:*:*:*:*:*
EPSS
Процентиль: 33%
0.00131
Низкий
6.1 Medium
CVSS3
5.4 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 6.1
github
больше 1 года назад
A Cross-site Scripting (XSS) vulnerability exists in the chat functionality of parisneo/lollms-webui in the latest version. This vulnerability allows an attacker to inject malicious scripts via chat messages, which are then executed in the context of the user's browser.
EPSS
Процентиль: 33%
0.00131
Низкий
6.1 Medium
CVSS3
5.4 Medium
CVSS3
Дефекты
CWE-79