Vulnerability Details CVE-2024-6986
A Cross-site Scripting (XSS) vulnerability exists in the Settings page of parisneo/lollms-webui version 9.8. The vulnerability is due to the improper use of the 'v-html' directive, which inserts the content of the 'full_template' variable directly as HTML. This allows an attacker to execute malicious JavaScript code by injecting a payload into the 'System Template' input field under main configurations.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 5.7%
CVSS Severity
CVSS v3 Score 5.5
Products affected by CVE-2024-6986
-
cpe:2.3:a:lollms:lollms_web_ui:9.8