GHSA-wvcx-j62q-45qw
Suggest an improvement- Source
- https://github.com/advisories/GHSA-wvcx-j62q-45qw
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/04/GHSA-wvcx-j62q-45qw/GHSA-wvcx-j62q-45qw.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-wvcx-j62q-45qw
- Aliases
-
- CVE-2025-3801
- GO-2025-3636
- Published
- 2025-04-19T15:30:23Z
- Modified
- 2025-04-22T18:43:43.893818Z
- Severity
-
- 2.4 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N CVSS Calculator
- 4.8 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- one-api Cross-site Scripting vulnerability
- Details
-
A vulnerability was found in songquanpeng one-api up to 0.6.10. It has been classified as problematic. This affects an unknown part of the component System Setting Handler. The manipulation of the argument Homepage Content leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
- Database specific
{ "nvd_published_at": "2025-04-19T14:15:38Z", "cwe_ids": [ "CWE-79" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2025-04-21T21:54:52Z" }- References
Affected packages
Go / github.com/songquanpeng/one-api
Package
- Name
- github.com/songquanpeng/one-api
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/songquanpeng/one-api