CVE-2026-1115 | parisneo lollms up to 2.1.x init.py create_post cross site scripting

Inserito da Angelo Barbosa | Apr 10, 2026 | CVE

A vulnerability labeled as problematic has been found in parisneo lollms up to 2.1.x. This issue affects the function create_post of the file backend/routers/social/__init__.py. Executing a manipulation can lead to cross site scripting.

This vulnerability is registered as CVE-2026-1115. It is possible to launch the attack remotely. No exploit is available.

The affected component should be upgraded.

CVE-2026-1115 | parisneo lollms up to 2.1.x __init__.py create_post cross site scripting

Post correlati

CVE-2024-29066 | Microsoft Windows Server 2008 R2 SP1 up to Server 2022 Distributed File System toctou

CVE-2025-52923 | Sangfor aTrust 2.4.10 ExecStartPre Command permission assignment (EUVD-2025-18829)

CVE-2025-66476 | Vim up to 9.1.1946 on Windows cmd.exe uncontrolled search path (GHSA-g77q-xrww-p834 / 083ec6d9a3b7b09006e0ce69ac802597d25)

CVE-2025-27625 | Jenkins redirect

CVE-2026-1115 | parisneo lollms up to 2.1.x init.py create_post cross site scripting