CVE-2024-1602
- EPSS 0.18%
- Published 10.04.2024 17:15:52
- Last modified 09.07.2025 14:14:04
parisneo/lollms-webui is vulnerable to stored Cross-Site Scripting (XSS) that leads to Remote Code Execution (RCE). The vulnerability arises due to inadequate sanitization and validation of model output data, allowing an attacker to inject malicious ...
CVE-2024-1600
- EPSS 1.88%
- Published 10.04.2024 17:15:52
- Last modified 09.07.2025 14:14:24
A Local File Inclusion (LFI) vulnerability exists in the parisneo/lollms-webui application, specifically within the `/personalities` route. An attacker can exploit this vulnerability by crafting a URL that includes directory traversal sequences (`../...
CVE-2024-1520
- EPSS 11.44%
- Published 10.04.2024 17:15:51
- Last modified 09.07.2025 14:14:56
An OS Command Injection vulnerability exists in the '/open_code_folder' endpoint of the parisneo/lollms-webui application, due to improper validation of user-supplied input in the 'discussion_id' parameter. Attackers can exploit this vulnerability by...
CVE-2024-1511
- EPSS 0.42%
- Published 10.04.2024 17:15:51
- Last modified 09.07.2025 14:08:00
The parisneo/lollms-webui repository is susceptible to a path traversal vulnerability due to inadequate validation of user-supplied file paths. This flaw allows an unauthenticated attacker to read, write, and in certain configurations execute arbitra...
CVE-2024-1522
- EPSS 0.94%
- Published 30.03.2024 18:15:45
- Last modified 15.08.2025 20:33:48
A Cross-Site Request Forgery (CSRF) vulnerability in the parisneo/lollms-webui project allows remote attackers to execute arbitrary code on a victim's system. The vulnerability stems from the `/execute_code` API endpoint, which does not properly vali...