Unrated severityNVD Advisory· Published Jun 24, 2024· Updated Aug 1, 2024
CSRF Vulnerability in parisneo/lollms XTTS Server
CVE-2024-4499
Description
A Cross-Site Request Forgery (CSRF) vulnerability exists in the XTTS server of parisneo/lollms version 9.6 due to a lax CORS policy. The vulnerability allows attackers to perform unauthorized actions by tricking a user into visiting a malicious webpage, which can then trigger arbitrary LoLLMS-XTTS API requests. This issue can lead to the reading and writing of audio files and, when combined with other vulnerabilities, could allow for the reading of arbitrary files on the system and writing files outside the permitted audio file location.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- parisneo/parisneo/lollmsv5Range: unspecified
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.