Wed, 15 Oct 2025 13:30:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Weaknesses | CWE-434 | |

Wed, 15 Oct 2025 13:00:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Weaknesses | CWE-79 | |

Wed, 16 Jul 2025 13:45:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Metrics | epss | epss |

Mon, 07 Jul 2025 17:30:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| First Time appeared | Lollms Lollms lollms-webui | |
| CPEs | cpe:2.3:a:lollms:lollms-webui:9.6:*:*:*:*:*:*:* | |
| Vendors & Products | Lollms Lollms lollms-webui | |

Fri, 15 Nov 2024 16:15:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| First Time appeared | Parisneo Parisneo lollms-webui | |
| CPEs | cpe:2.3:a:parisneo:lollms-webui:*:*:*:*:*:*:*:* | |
| Vendors & Products | Parisneo Parisneo lollms-webui | |
| Metrics | cvssV3_1 | |

Thu, 14 Nov 2024 17:45:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Description | parisneo/lollms-webui version 9.6 is vulnerable to Cross-Site Scripting (XSS) and Open Redirect due to inadequate input validation and processing of SVG files during the upload process. The XSS vulnerability allows attackers to embed malicious JavaScript code within SVG files, which is executed upon rendering, leading to potential credential theft and unauthorized data access. The Open Redirect vulnerability arises from insufficient URL validation within SVG files, enabling attackers to redirect users to malicious websites, thereby exposing them to phishing attacks, malware distribution, and reputation damage. These vulnerabilities are present in the application's functionality to send files to the AI module. | |
| Title | XSS and Open Redirect via SVG File Upload in parisneo/lollms-webui | |
| Weaknesses | CWE-434 | |
| References |  | |
| Metrics | cvssV3_0 | |

MITRE
Status: PUBLISHED
Assigner: @huntr_ai
Published: 2024-11-14T17:36:04.963Z
Updated: 2025-10-15T12:50:25.176Z
Reserved: 2024-05-19T15:40:52.654Z
Link: CVE-2024-5125

Vulnrichment
Updated: 2024-11-15T15:50:39.698Z

NVD
Status: Modified
Published: 2024-11-14T18:15:26.760
Modified: 2025-10-15T13:15:45.577
Link: CVE-2024-5125

Redhat
No data.