How severe is CVE-2024-2288?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.3 out of 10.

What type of vulnerability is CVE-2024-2288?

This is classified as CWE-352, which is a common weakness in software security.

CVE-2024-2288 - HIGH Severity | CVSS 8.3

Vulnerability Description

A Cross-Site Request Forgery (CSRF) vulnerability exists in the profile picture upload functionality of the Lollms application, specifically in the parisneo/lollms-webui repository, affecting versions up to 7.3.0. This vulnerability allows attackers to change a victim's profile picture without their consent, potentially leading to a denial of service by overloading the filesystem with files. Additionally, this flaw can be exploited to perform a stored cross-site scripting (XSS) attack, enabling attackers to execute arbitrary JavaScript in the context of the victim's browser session. The issue is resolved in version 9.3.

Related Vulnerabilities

CVE-2019-20691

HIGH

CVSS:8.3(High)

Certain NETGEAR devices are affected by CSRF. This affects D3600 before 1.0.0.72, D6000 before 1.0.0.72, EX3700 before 1.0.0.70, EX3800 before 1.0.0.70, EX6000 before 1.0.0.30, EX6100 before 1.0.2.24,...

CWE-3522019

CVE-2020-36839

HIGH

CVSS:8.3(High)

The WP Lead Plus X plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.99. This is due to missing or incorrect nonce validation on several functions. T...

CWE-3522020

CVE-2022-4849

HIGH

CVSS:8.3(High)

Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.

CWE-3522022

CVE-2024-22424

HIGH

CVSS:8.3(High)

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The Argo CD API prior to versions 2.10-rc2, 2.9.4, 2.8.8, and 2.7.15 are vulnerable to a cross-server request forgery (CSRF) a...

CWE-3522024

CVE-2024-24820

HIGH

CVSS:8.3(High)

Icinga Director is a tool designed to make Icinga 2 configuration handling easy. Not any of Icinga Director's configuration forms used to manipulate the monitoring environment are protected against cr...

CWE-3522024

CVE-2024-25808

HIGH

CVSS:8.3(High)

Cross-site Request Forgery (CSRF) vulnerability in Lychee version 3.1.6, allows remote attackers to execute arbitrary code via the create new album function.

CWE-3522024