CVE-2024-6040 | parisneo lollms-webui up to 9.8 lollms_binding_infos client_id cross-site request forgery

Posted by Angelo Barbosa | Aug 1, 2024 | CVE

A vulnerability has been found in parisneo lollms-webui up to 9.8 and classified as problematic. This vulnerability affects the function lollms_binding_infos. The manipulation of the argument client_id leads to cross-site request forgery.

This vulnerability was named CVE-2024-6040. The attack can be initiated remotely. There is no exploit available.

CVE-2024-6040 | parisneo lollms-webui up to 9.8 lollms_binding_infos client_id cross-site request forgery

Related Posts

CVE-2023-6484 | JBoss KeyCloak 22.0.5 WebAuthn injection

CVE-2024-3969 | OpenText iManager up to 3.2.6.0300 xml external entity reference

CVE-2024-4636 | Optimole Image Optimization Plugin up to 3.12.10 on WordPress SVG cross site scripting

CVE-2024-3955 | PiBrewing CraftBeerPi up to 4.4.1 GET Parameter http_system.py downloadlog logtime code injection