VDB

CISA-2025-3801

CISA-2025-3801 PUBLISHED CVSS 4.8 MEDIUM

Reported by VulDB · Published April 19, 2025

A vulnerability was found in songquanpeng one-api up to 0.6.10. It has been classified as problematic. This affects an unknown part of the component System Setting Handler. The manipulation of the argument Homepage Content/About System/Footer leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Risk Scores

CVSS 4.0
4.8
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Products

VendorProductVersions
songquanpengone-api0.6.0, 0.6.1, 0.6.2
songquanpengone-api0.6.0, 0.6.1, 0.6.2

Timeline

  • Apr 19, 2025 CVE Published
  • Apr 21, 2025 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›