localai <=2.20.1 is vulnerable to Cross Site Scripting (XSS). When calling the delete model API and passing inappropriate parameters, it can cause a one-time storage XSS, which will trigger the payload when a user accesses the homepage.
Metrics
Affected Vendors & Products
References
History
Tue, 05 Nov 2024 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Mudler
Mudler localai |
|
Weaknesses | CWE-352 CWE-79 |
|
CPEs | cpe:2.3:a:mudler:localai:*:*:*:*:*:*:*:* | |
Vendors & Products |
Mudler
Mudler localai |
|
Metrics |
cvssV3_1
|
Mon, 04 Nov 2024 22:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | localai <=2.20.1 is vulnerable to Cross Site Scripting (XSS). When calling the delete model API and passing inappropriate parameters, it can cause a one-time storage XSS, which will trigger the payload when a user accesses the homepage. | |
References |
|

Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-11-05T17:28:51.570Z
Reserved: 2024-10-08T00:00:00
Link: CVE-2024-48057

Updated: 2024-11-05T17:28:39.575Z

Status : Analyzed
Published: 2024-11-04T23:15:04.393
Modified: 2025-09-04T16:15:35.463
Link: CVE-2024-48057

No data.

No data.