Description

mudler/localai version v2.21.1 contains a Cross-Site Scripting (XSS) vulnerability in its search functionality. The vulnerability arises due to improper sanitization of user input, allowing the injection and execution of arbitrary JavaScript code. This can lead to the execution of malicious scripts in the context of the victim's browser, potentially compromising user sessions, stealing session cookies, redirecting users to malicious websites, or manipulating the DOM.

INFO

Published Date :

2025-03-20T10:09:14.108Z

Last Modified :

2025-04-04T08:45:38.623Z

Source :

@huntr_ai
AFFECTED PRODUCTS

The following products are affected by CVE-2024-9900 vulnerability.

Vendors Products
Mudler
  • Localai
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-9900.

URL Resource
https://github.com/mudler/localai/commit/a1634b219a4e52813e70ff07e6376a01449c4515 cve-icon cve-icon
https://huntr.com/bounties/b39cd230-db66-471b-89b9-24afaa078e68 cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact