VDB
CISA-2025-3801
CISA-2025-3801
PUBLISHED
CVSS 4.8 MEDIUM
Reported by VulDB · Published April 19, 2025
A vulnerability was found in songquanpeng one-api up to 0.6.10. It has been classified as problematic. This affects an unknown part of the component System Setting Handler. The manipulation of the argument Homepage Content/About System/Footer leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Risk Scores
CVSS 4.0
4.8
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| songquanpeng | one-api | 0.6.0, 0.6.1, 0.6.2 |
| songquanpeng | one-api | 0.6.0, 0.6.1, 0.6.2 |
Timeline
- Apr 19, 2025 CVE Published
- Apr 21, 2025 CVE Updated
References
- VDB-305655 | songquanpeng one-api System Setting cross site scripting vdb-entrytechnical-description
- VDB-305655 | CTI Indicators (IOB, IOC, TTP, IOA) signaturepermissions-required
- Submit #554702 | one api latest XSS third-party-advisory
- exploit