CVE-2024-6674

HIGH Year: 2024
CVSS v3 Score
8.1
High
Weakness Type
CWE-346
View all →

Vulnerability Description

A CORS misconfiguration in parisneo/lollms-webui prior to version 10 allows attackers to steal sensitive information such as logs, browser sessions, and settings containing private API keys from other services. This vulnerability can also enable attackers to perform actions on behalf of a user, such as deleting a project or sending a message. The issue impacts the confidentiality and integrity of the information.

Related Vulnerabilities

CVE-2018-4319

HIGH
CVSS:8.1(High)

A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue affected versions prior to iOS 12, watchOS 5, Safari 12, iTunes 12.9 for ...

CWE-3462018

CVE-2019-20329

HIGH
CVSS:8.1(High)

OpenLambda 2019-09-10 allows DNS rebinding attacks against the OL server for the REST API on TCP port 5000.

CWE-3462019

CVE-2019-9498

HIGH
CVSS:8.1(High)

The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Com...

CWE-3462019

CVE-2019-9499

HIGH
CVSS:8.1(High)

The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pw...

CWE-3462019

CVE-2020-8818

HIGH
CVSS:8.1(High)

An issue was discovered in the CardGate Payments plugin through 2.0.30 for Magento 2. Lack of origin authentication in the IPN callback processing function in Controller/Payment/Callback.php allows an...

CWE-3462020

CVE-2020-8819

HIGH
CVSS:8.1(High)

An issue was discovered in the CardGate Payments plugin through 3.1.15 for WooCommerce. Lack of origin authentication in the IPN callback processing function in cardgate/cardgate.php allows an attacke...

CWE-3462020