Lollms vulnerabilities: Medium risk
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2024-10-29 | CVE-2024-6673 | Cross-Site Request Forgery (CSRF) vulnerability in Lollms web UI | A Cross-Site Request Forgery (CSRF) vulnerability exists in the `install_comfyui` endpoint of the `lollms_comfyui.py` file in the parisneo/lollms-webui repository, versions v9.9 to the latest. | 6.5 |
2024-10-11 | CVE-2024-6985 | Relative Path Traversal vulnerability in Lollms | A path traversal vulnerability exists in the api open_personality_folder endpoint of parisneo/lollms-webui. | 4.4 |
2024-06-27 | CVE-2024-5933 | Unspecified vulnerability in Lollms Webui | A Cross-site Scripting (XSS) vulnerability exists in the chat functionality of parisneo/lollms-webui in the latest version. | 5.4 |
2024-06-24 | CVE-2024-4499 | Unspecified vulnerability in Lollms 9.6 | A Cross-Site Request Forgery (CSRF) vulnerability exists in the XTTS server of parisneo/lollms version 9.6 due to a lax CORS policy. | 6.3 |