mirror of
https://github.com/0xMarcio/cve.git
synced 2025-11-28 18:48:49 +00:00
1013 B
1013 B
CVE-2024-6986
&color=brighgreen)
Description
A Cross-site Scripting (XSS) vulnerability exists in the Settings page of parisneo/lollms-webui version 9.8. The vulnerability is due to the improper use of the 'v-html' directive, which inserts the content of the 'full_template' variable directly as HTML. This allows an attacker to execute malicious JavaScript code by injecting a payload into the 'System Template' input field under main configurations.
POC
Reference
No PoCs from references.