Github.Com Mudler Localai vulnerabilities
2 known vulnerabilities affecting github.com/mudler_localai.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
MEDIUM1LOW1
Vulnerabilities
Page 1 of 1
CVE-2024-9900P4MEDIUM≥ 0, < 2.22.02025-03-20
CVE-2024-9900 [MEDIUM] CWE-115 LocalAI Cross-Site Scripting (XSS) vulnerability in its search functionality
LocalAI Cross-Site Scripting (XSS) vulnerability in its search functionality
mudler/localai version v2.21.1 contains a Cross-Site Scripting (XSS) vulnerability in its search functionality. The vulnerability arises due to improper sanitization of user input, allowing the injection and execution of arbitrary JavaScript code. This can lead to the execution of malicious scripts in the context
ghsaosv
CVE-2024-48057P4LOW≥ 0, ≤ 2.20.12024-11-05
CVE-2024-48057 [LOW] CWE-352 LocalAI Cross-site Scripting vulnerability
LocalAI Cross-site Scripting vulnerability
localai <=2.20.1 is vulnerable to Cross Site Scripting (XSS). When calling the delete model API and passing inappropriate parameters, it can cause a one-time storage XSS, which will trigger the payload when a user accesses the homepage.
ghsaosv