Low severity2.4GHSA Advisory· Published Apr 19, 2025· Updated Apr 15, 2026
CVE-2025-3801
CVE-2025-3801
Description
A vulnerability was found in songquanpeng one-api up to 0.6.10. It has been classified as problematic. This affects an unknown part of the component System Setting Handler. The manipulation of the argument Homepage Content/About System/Footer leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/songquanpeng/one-apiGo | <= 0.6.10 | — |
Affected products
3- Range: <= 0.6.10
- ghsa-coords2 versionspkg:golang/github.com/songquanpeng/one-apipkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Tumbleweed
<= 0.6.10+ 1 more
- (no CPE)range: <= 0.6.10
- (no CPE)range: < 0.0.20250422T181640-1.1
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-wvcx-j62q-45qwghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-3801ghsaADVISORY
- github.com/yaowenxiao721/Poc/blob/main/One-API/One-API-poc.mdnvdWEB
- vuldb.comnvdWEB
- vuldb.comnvdWEB
- vuldb.comnvdWEB
News mentions
0No linked articles in our index yet.