CVE-2025-3801

Summary

A vulnerability was found in songquanpeng one-api up to 0.6.10. It has been classified as problematic. This affects an unknown part of the component System Setting Handler. The manipulation of the argument Homepage Content/About System/Footer leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Affected Software

VendorProductVersion RangeStatus
songquanpengone-api0.6.0affected
songquanpengone-api0.6.1affected
songquanpengone-api0.6.2affected
songquanpengone-api0.6.3affected
songquanpengone-api0.6.4affected
songquanpengone-api0.6.5affected
songquanpengone-api0.6.6affected
songquanpengone-api0.6.7affected
songquanpengone-api0.6.8affected
songquanpengone-api0.6.9affected
songquanpengone-api0.6.10affected

Weaknesses

  • CWE-79: Cross Site Scripting
  • CWE-94: Code Injection

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References