CVE-2024-4328HIGHCVSS 8.1v9.62024-06-10
CVE-2024-4328 [HIGH] CWE-352 CVE-2024-4328: A Cross-Site Request Forgery (CSRF) vulnerability exists in the clear_personality_files_list functio
A Cross-Site Request Forgery (CSRF) vulnerability exists in the clear_personality_files_list function of the parisneo/lollms-webui v9.6. The vulnerability arises from the use of a GET request to clear personality files list, which lacks proper CSRF protection. This flaw allows attackers to trick users into performing actions without their consent, such
nvd