VYPR
Unrated severityNVD Advisory· Published Mar 20, 2025· Updated Mar 20, 2025

Cross-site Scripting (XSS) in parisneo/lollms-webui

CVE-2024-6986

Description

A Cross-site Scripting (XSS) vulnerability exists in the Settings page of parisneo/lollms-webui version 9.8. The vulnerability is due to the improper use of the 'v-html' directive, which inserts the content of the 'full_template' variable directly as HTML. This allows an attacker to execute malicious JavaScript code by injecting a payload into the 'System Template' input field under main configurations.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Lollms/Lollmsllm-fuzzy2 versions
    =9.8+ 1 more
    • (no CPE)range: =9.8
    • (no CPE)range: unspecified

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.