1 results (0.001 seconds)
CVSS: 4.8EPSS: 0%CPEs: 11EXPL: 1
CVSS: 4.8EPSS: 0%CPEs: 11EXPL: 1CVE-2025-3801 – songquanpeng one-api System Setting cross site scripting
https://notcve.org/view.php?id=CVE-2025-3801
19 Apr 2025 — A vulnerability was found in songquanpeng one-api up to 0.6.10. It has been classified as problematic. This affects an unknown part of the component System Setting Handler. The manipulation of the argument Homepage Content/About System/Footer leads to cross site scripting. It is possible to initiate the attack remotely. • https://vuldb.com/?id.305655 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •