Description

A Cross-site Scripting (XSS) vulnerability exists in the Settings page of parisneo/lollms-webui version 9.8. The vulnerability is due to the improper use of the 'v-html' directive, which inserts the content of the 'full_template' variable directly as HTML. This allows an attacker to execute malicious JavaScript code by injecting a payload into the 'System Template' input field under main configurations.

INFO

Published Date :

2025-03-20T10:10:40.879Z

Last Modified :

2025-03-20T18:18:26.767Z

Source :

@huntr_ai

Researchers

Following researchers has claimed that they have found this vulnerability.

kutaysec
kutaysec

@kutaysec
AFFECTED PRODUCTS

The following products are affected by CVE-2024-6986 vulnerability.

Vendors Products
Lollms
  • Lollms Web Ui
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-6986.

URL Resource
https://huntr.com/bounties/83e9bde1-40b2-49e9-be1c-bc1498eb8ebd cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact