CVE-2024-1602 (GCVE-0-2024-1602)
Vulnerability from cvelistv5 – Published: 2024-04-10 17:08 – Updated: 2024-08-01 18:48
VLAI?
Summary
parisneo/lollms-webui is vulnerable to stored Cross-Site Scripting (XSS) that leads to Remote Code Execution (RCE). The vulnerability arises due to inadequate sanitization and validation of model output data, allowing an attacker to inject malicious JavaScript code. This code can be executed within the user's browser context, enabling the attacker to send a request to the `/execute_code` endpoint and establish a reverse shell to the attacker's host. The issue affects various components of the application, including the handling of user input and model output.
Severity ?
8.8 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| parisneo | parisneo/lollms-webui |
Affected:
unspecified , ≤ latest
(custom)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:parisneo:lollms-webui:9.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lollms-webui",
"vendor": "parisneo",
"versions": [
{
"lessThan": "9.6",
"status": "affected",
"version": "9.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1602",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-19T15:11:00.412948Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-19T15:29:52.583Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:48:21.887Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.com/bounties/59be0d5a-f18e-4418-8f29-72320269a097"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "parisneo/lollms-webui",
"vendor": "parisneo",
"versions": [
{
"lessThanOrEqual": "latest",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "parisneo/lollms-webui is vulnerable to stored Cross-Site Scripting (XSS) that leads to Remote Code Execution (RCE). The vulnerability arises due to inadequate sanitization and validation of model output data, allowing an attacker to inject malicious JavaScript code. This code can be executed within the user\u0027s browser context, enabling the attacker to send a request to the `/execute_code` endpoint and establish a reverse shell to the attacker\u0027s host. The issue affects various components of the application, including the handling of user input and model output."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-16T11:10:31.851Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntr_ai"
},
"references": [
{
"url": "https://huntr.com/bounties/59be0d5a-f18e-4418-8f29-72320269a097"
}
],
"source": {
"advisory": "59be0d5a-f18e-4418-8f29-72320269a097",
"discovery": "EXTERNAL"
},
"title": "Stored XSS leading to RCE in parisneo/lollms-webui"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntr_ai",
"cveId": "CVE-2024-1602",
"datePublished": "2024-04-10T17:08:02.423Z",
"dateReserved": "2024-02-18T00:13:27.756Z",
"dateUpdated": "2024-08-01T18:48:21.887Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"descriptions": "[{\"lang\": \"en\", \"value\": \"parisneo/lollms-webui is vulnerable to stored Cross-Site Scripting (XSS) that leads to Remote Code Execution (RCE). The vulnerability arises due to inadequate sanitization and validation of model output data, allowing an attacker to inject malicious JavaScript code. This code can be executed within the user\u0027s browser context, enabling the attacker to send a request to the `/execute_code` endpoint and establish a reverse shell to the attacker\u0027s host. The issue affects various components of the application, including the handling of user input and model output.\"}, {\"lang\": \"es\", \"value\": \"parisneo/lollms-webui es vulnerable a Cross Site Scripting (XSS) almacenado que conducen a la ejecuci\\u00f3n remota de c\\u00f3digo (RCE). La vulnerabilidad surge debido a una desinfecci\\u00f3n y validaci\\u00f3n inadecuadas de los datos de salida del modelo, lo que permite a un atacante inyectar c\\u00f3digo JavaScript malicioso. Este c\\u00f3digo se puede ejecutar dentro del contexto del navegador del usuario, lo que permite al atacante enviar una solicitud al endpoint `/execute_code` y establecer un shell inverso al host del atacante. El problema afecta a varios componentes de la aplicaci\\u00f3n, incluido el manejo de la entrada del usuario y la salida del modelo.\"}]",
"id": "CVE-2024-1602",
"lastModified": "2024-11-21T08:50:55.387",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"security@huntr.dev\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}]}",
"published": "2024-04-10T17:15:52.537",
"references": "[{\"url\": \"https://huntr.com/bounties/59be0d5a-f18e-4418-8f29-72320269a097\", \"source\": \"security@huntr.dev\"}, {\"url\": \"https://huntr.com/bounties/59be0d5a-f18e-4418-8f29-72320269a097\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Awaiting Analysis",
"weaknesses": "[{\"source\": \"security@huntr.dev\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-1602\",\"sourceIdentifier\":\"security@huntr.dev\",\"published\":\"2024-04-10T17:15:52.537\",\"lastModified\":\"2025-07-09T14:14:04.560\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"parisneo/lollms-webui is vulnerable to stored Cross-Site Scripting (XSS) that leads to Remote Code Execution (RCE). The vulnerability arises due to inadequate sanitization and validation of model output data, allowing an attacker to inject malicious JavaScript code. This code can be executed within the user\u0027s browser context, enabling the attacker to send a request to the `/execute_code` endpoint and establish a reverse shell to the attacker\u0027s host. The issue affects various components of the application, including the handling of user input and model output.\"},{\"lang\":\"es\",\"value\":\"parisneo/lollms-webui es vulnerable a Cross Site Scripting (XSS) almacenado que conducen a la ejecuci\u00f3n remota de c\u00f3digo (RCE). La vulnerabilidad surge debido a una desinfecci\u00f3n y validaci\u00f3n inadecuadas de los datos de salida del modelo, lo que permite a un atacante inyectar c\u00f3digo JavaScript malicioso. Este c\u00f3digo se puede ejecutar dentro del contexto del navegador del usuario, lo que permite al atacante enviar una solicitud al endpoint `/execute_code` y establecer un shell inverso al host del atacante. El problema afecta a varios componentes de la aplicaci\u00f3n, incluido el manejo de la entrada del usuario y la salida del modelo.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}],\"cvssMetricV30\":[{\"source\":\"security@huntr.dev\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security@huntr.dev\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lollms:lollms_web_ui:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2399B0FB-25C6-49CD-B523-0839533EAC2D\"}]}]}],\"references\":[{\"url\":\"https://huntr.com/bounties/59be0d5a-f18e-4418-8f29-72320269a097\",\"source\":\"security@huntr.dev\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://huntr.com/bounties/59be0d5a-f18e-4418-8f29-72320269a097\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://huntr.com/bounties/59be0d5a-f18e-4418-8f29-72320269a097\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T18:48:21.887Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-1602\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-07-19T15:11:00.412948Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:parisneo:lollms-webui:9.0:*:*:*:*:*:*:*\"], \"vendor\": \"parisneo\", \"product\": \"lollms-webui\", \"versions\": [{\"status\": \"affected\", \"version\": \"9.0\", \"lessThan\": \"9.6\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-19T15:29:39.528Z\"}}], \"cna\": {\"title\": \"Stored XSS leading to RCE in parisneo/lollms-webui\", \"source\": {\"advisory\": \"59be0d5a-f18e-4418-8f29-72320269a097\", \"discovery\": \"EXTERNAL\"}, \"metrics\": [{\"cvssV3_0\": {\"scope\": \"UNCHANGED\", \"version\": \"3.0\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"parisneo\", \"product\": \"parisneo/lollms-webui\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"latest\"}]}], \"references\": [{\"url\": \"https://huntr.com/bounties/59be0d5a-f18e-4418-8f29-72320269a097\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"parisneo/lollms-webui is vulnerable to stored Cross-Site Scripting (XSS) that leads to Remote Code Execution (RCE). The vulnerability arises due to inadequate sanitization and validation of model output data, allowing an attacker to inject malicious JavaScript code. This code can be executed within the user\u0027s browser context, enabling the attacker to send a request to the `/execute_code` endpoint and establish a reverse shell to the attacker\u0027s host. The issue affects various components of the application, including the handling of user input and model output.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-79\", \"description\": \"CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"c09c270a-b464-47c1-9133-acb35b22c19a\", \"shortName\": \"@huntr_ai\", \"dateUpdated\": \"2024-04-16T11:10:31.851Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-1602\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-01T18:48:21.887Z\", \"dateReserved\": \"2024-02-18T00:13:27.756Z\", \"assignerOrgId\": \"c09c270a-b464-47c1-9133-acb35b22c19a\", \"datePublished\": \"2024-04-10T17:08:02.423Z\", \"assignerShortName\": \"@huntr_ai\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…