CVE-2025-66450 | danny-avila LibreChat up to 0.8.0 POST Request iconURL cross site scripting (GHSA-84vx-vmcf-xgpp)

Inserito da Angelo Barbosa | Dic 12, 2025 | CVE

A vulnerability has been found in danny-avila LibreChat up to 0.8.0 and classified as problematic. Impacted is an unknown function of the component POST Request Handler. This manipulation of the argument iconURL causes basic cross site scripting.

The identification of this vulnerability is CVE-2025-66450. It is possible to initiate the attack remotely. There is no exploit available.

The affected component should be upgraded.

CVE-2025-66450 | danny-avila LibreChat up to 0.8.0 POST Request iconURL cross site scripting (GHSA-84vx-vmcf-xgpp)

Post correlati

CVE-2018-9474 | Google Android 7/8/8.1/9 MediaPlayer.java writeToParcel deserialization

CVE-2025-4736 | PHPGurukul Daily Expense Tracker 1.1 /register.php email sql injection

CVE-2024-3643 | Newsletter Popup Plugin up to 1.2 on WordPress cross-site request forgery

CVE-2024-49899 | Linux Kernel up to 6.11.2 AMD Display divide by zero (7f8e93b862ab/b995c0a6de6c)