How severe is CVE-2024-5125?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.3 out of 10.

What type of vulnerability is CVE-2024-5125?

This is classified as CWE-434, which is a common weakness in software security.

CVE-2024-5125 - HIGH Severity | CVSS 7.3

Vulnerability Description

parisneo/lollms-webui version 9.6 is vulnerable to Cross-Site Scripting (XSS) and Open Redirect due to inadequate input validation and processing of SVG files during the upload process. The XSS vulnerability allows attackers to embed malicious JavaScript code within SVG files, which is executed upon rendering, leading to potential credential theft and unauthorized data access. The Open Redirect vulnerability arises from insufficient URL validation within SVG files, enabling attackers to redirect users to malicious websites, thereby exposing them to phishing attacks, malware distribution, and reputation damage. These vulnerabilities are present in the application's functionality to send files to the AI module.

Related Vulnerabilities

CVE-2016-1713

HIGH

CVSS:7.3(High)

Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.4.0 allows remote authenticated ...

CWE-4342016

CVE-2017-18435

HIGH

CVSS:7.3(High)

cPanel before 64.0.21 allows demo accounts to execute code via the BoxTrapper API (SEC-238).

CWE-4342017

CVE-2020-25406

HIGH

CVSS:7.3(High)

app\admin\controller\sys\Uploads.php in lemocms 1.8.x allows users to upload files to upload executable files.

CWE-4342020

CVE-2020-6293

HIGH

CVSS:7.3(High)

SAP NetWeaver (Knowledge Management), versions - 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to upload a malicious file and also to access, modify or make unavailable existing files but...

CWE-4342020

CVE-2023-2063

HIGH

CVSS:7.3(High)

Unrestricted Upload of File with Dangerous Type vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP modu...

CWE-4342023

CVE-2023-42472

HIGH

CVSS:7.3(High)

Due to insufficient file type validation, SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface) - version 420, allows a report creator to upload files from local system ...

CWE-4342023