CSRF File Upload Vulnerability in parisneo/lollms-webui

A Cross-Site Request Forgery (CSRF) vulnerability exists in the profile picture upload functionality of the Lollms application, specifically in the parisneo/lollms-webui repository, affecting versions up to 7.3.0. This vulnerability allows attackers to change a victim's profile picture without their consent, potentially leading to a denial of service by overloading the filesystem with files. Additionally, this flaw can be exploited to perform a stored cross-site scripting (XSS) attack, enabling attackers to execute arbitrary JavaScript in the context of the victim's browser session. The issue is resolved in version 9.3.

N/A

跨站请求伪造(CSRF)

LoLLMs 跨站请求伪造漏洞

LoLLMs是Saifeddine ALOUI个人开发者的一个大型语言多模式系统的 Web UI。 LoLLMs 7.3.0及之前版本存在跨站请求伪造漏洞，该漏洞源于攻击者可更改个人资料图片及执行存储型跨站脚本(XSS)攻击，从而导致拒绝服务及在浏览器会话上下文执行任意JavaScript。

N/A

N/A