Vulnerabilities > CVE-2024-5933 - Unspecified vulnerability in Lollms Webui

CVSS 5.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

lollms

NVD

Published: 2024-06-27

Updated: 2024-11-21

Summary

A Cross-site Scripting (XSS) vulnerability exists in the chat functionality of parisneo/lollms-webui in the latest version. This vulnerability allows an attacker to inject malicious scripts via chat messages, which are then executed in the context of the user's browser.

Vulnerable Configurations

Part	Description	Count
Application	Lollms Lollms Lollms Webui -	1

References

https://huntr.com/bounties/51a2e370-3b64-45cd-9afc-0e4856ab5517
https://huntr.com/bounties/51a2e370-3b64-45cd-9afc-0e4856ab5517