CVE-2024-5125

7.3 HIGH

📋 TL;DR

This vulnerability in lollms-webui version 9.6 allows an attacker to upload an SVG file containing JavaScript that executes in the browser of any user who views the rendered file, giving stored cross-site scripting and open redirects. The uploader is the attacker; the users at risk are those who view SVG content uploaded to the AI module, and the realistic outcomes are session or credential theft and phishing.

💻 Affected Systems

Products:
  • parisneo/lollms-webui
Versions: Version 9.6 specifically
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects instances where file upload functionality to AI module is enabled and SVG files are accepted.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete account takeover, credential theft, malware distribution to all users, and reputation damage to the organization hosting the vulnerable instance.

🟠

Likely Case

Targeted phishing attacks against users, session hijacking, and unauthorized data access through malicious JavaScript execution.

🟢

If Mitigated

Limited impact once input validation and file type restrictions are in place; exposure is then confined to users who view an attacker-supplied SVG that was uploaded before the restriction took effect.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation needs an attacker who can upload an SVG to the instance and a victim who views the page or URL on which that file is rendered; once those two conditions hold, the attack itself is straightforward.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in commit 9b0f6c4ad1b9a2cd3466dcefaa278df30feed67e

Vendor Advisory: https://github.com/parisneo/lollms-webui/commit/9b0f6c4ad1b9a2cd3466dcefaa278df30feed67e

Restart Required: Yes

Instructions:

1. Update to the latest lollms-webui release (any build that contains commit 9b0f6c4ad1b9a2cd3466dcefaa278df30feed67e).
2. If you cannot move to a newer release, cherry-pick commit 9b0f6c4ad1b9a2cd3466dcefaa278df30feed67e onto your deployed checkout.
3. Restart the webui service.

🔧 Temporary Workarounds

Disable SVG file uploads (platforms: all)

Temporarily block SVG file uploads to the AI module. Reject uploads with an .svg or .svgz extension and, because the extension and Content-Type are attacker-controlled, also reject any upload whose content is an XML document with an <svg> root, whatever it is named. Do this in the webui's upload handling or at the reverse proxy in front of it.

Implement Content Security Policy (platforms: all)

Add CSP headers so that scripts embedded in uploaded files are not executed.

Add Content-Security-Policy: default-src 'self' to the web server headers. Caveat: CSP is applied per response, so the header must be set on the response that serves the uploaded SVG, not only on the HTML pages. An SVG embedded with <img> never runs scripts, but one opened directly or loaded via <object> or <iframe> executes under its own response's policy. default-src 'self' without 'unsafe-inline' blocks inline <script> elements and on* handlers but still allows scripts fetched from the same origin, so serving uploads with Content-Disposition: attachment, or with Content-Security-Policy: sandbox, is the stronger choice.

🧯 If You Can't Patch

  • Disable file upload functionality to AI module completely
  • Implement strict file type validation and sanitization for all uploaded files
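The content-based file type check and the hardened response headers that the workarounds and the two points above call for, as an added Python example. This is not lollms-webui code: the function names and the hook into the upload handler are assumptions, and the sample files are constructed.

```python
"""Upload guard for SVG files (example; not lollms-webui's own code).

Assumed integration: the upload handler calls check_upload(filename, data) before
writing a file and response_headers_for_upload(filename) when serving it back.
Both names are hypothetical.
"""
from __future__ import annotations

import re

# SVG is XML, so sniff the content instead of trusting the client-supplied
# extension or Content-Type, both of which the attacker controls.
_DOC_START = re.compile(rb"^(?:\xef\xbb\xbf)?\s*(?:<\?xml|<!DOCTYPE|<svg|<!--)", re.IGNORECASE)
_SVG_ROOT = re.compile(rb"<\s*svg[\s>]", re.IGNORECASE)

# Constructs that make an SVG "active": script elements, inline event handlers,
# javascript:/data: links, and embedded HTML or SMIL (conservatively blocked,
# since SMIL can animate href to a javascript: URL).
_ACTIVE_CONTENT = re.compile(
    rb"<\s*script\b"
    rb"|\son[a-z]+\s*="
    rb"|(?:xlink:)?href\s*=\s*['\"]?\s*(?:javascript|data)\s*:"
    rb"|<\s*(?:foreignObject|iframe|embed|object|set|animate)\b",
    re.IGNORECASE,
)


def is_svg(data: bytes) -> bool:
    """True if the bytes look like an SVG document regardless of file name."""
    head = data[:4096]
    return _DOC_START.match(head) is not None and _SVG_ROOT.search(head) is not None


def has_active_content(svg: bytes) -> bool:
    return _ACTIVE_CONTENT.search(svg) is not None


def check_upload(filename: str, data: bytes, allow_svg: bool = False) -> tuple[bool, str]:
    """Return (accepted, reason). SVG is refused outright unless allow_svg is
    set, and even then only inert SVG (no script, handlers or js links) passes."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    svg_like = ext in ("svg", "svgz") or is_svg(data)
    if not svg_like:
        return True, "not an SVG"
    if not allow_svg:
        return False, "SVG uploads are disabled (workaround for CVE-2024-5125)"
    if has_active_content(data):
        return False, "SVG contains script, event handler or javascript: link"
    return True, "inert SVG"


def response_headers_for_upload(filename: str) -> dict[str, str]:
    """Headers for serving a user-uploaded file back. The attachment disposition
    stops the browser rendering it as a document, and the CSP sits on this
    response (the one that would execute the SVG), not on the HTML page."""
    safe_name = re.sub(r"[^\w.\-]", "_", filename)  # keep header injection out
    return {
        "Content-Disposition": f'attachment; filename="{safe_name}"',
        "Content-Security-Policy": "default-src 'none'; sandbox",
        "X-Content-Type-Options": "nosniff",
    }


# Constructed samples: a PNG header, an inert SVG, a script-bearing SVG and an
# SVG that redirects the viewer through an onload handler and a javascript: link.
PNG = b"\x89PNG\r\n\x1a\n" + b"\0" * 16
BENIGN_SVG = b'<?xml version="1.0"?><svg xmlns="http://www.w3.org/2000/svg"><circle r="4"/></svg>'
SCRIPT_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><script>alert(document.cookie)</script></svg>'
REDIRECT_SVG = (
    b'<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" '
    b"onload=\"location='https://phish.example/login'\">"
    b'<a xlink:href="javascript:alert(1)"><text>click</text></a></svg>'
)

if __name__ == "__main__":
    for name, blob in [("logo.png", PNG), ("logo.svg", BENIGN_SVG),
                       ("pic.png", SCRIPT_SVG), ("r.svg", REDIRECT_SVG)]:
        print(name, check_upload(name, blob, allow_svg=True))
    print(response_headers_for_upload('a b".svg'))
```

The disguised case matters most: SCRIPT_SVG uploaded as pic.png passes an extension-only filter but is still caught because is_svg() looks at the bytes.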

🔍 How to Verify

Check if Vulnerable:

Confirm the instance reports version 9.6 (or any build that predates the fix commit), then upload a harmless test SVG containing a <script> element or an onload handler and open the served file directly in a browser: if the script runs, the instance is vulnerable.

Check Version:

Check lollms-webui version in web interface or configuration files

Verify Fix Applied:

Confirm the deployed checkout contains commit 9b0f6c4ad1b9a2cd3466dcefaa278df30feed67e (for example with git merge-base --is-ancestor 9b0f6c4a HEAD in the install directory), then repeat the test upload: the file must be rejected, sanitized, or served in a way that does not execute scripts.
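A canary file and a response check for the test described above, as an added Python example that is not part of lollms-webui. The upload endpoint is not modelled because its path and form fields are deployment-specific; the captured responses below are constructed to show the outcomes a tester will see.

```python
"""Verification helpers for CVE-2024-5125 (example code, not lollms-webui's).

canary_svg() builds a harmless test file to upload; assess_served_file() judges
how the instance served it back from the status, headers and body you captured
(for example with `curl -i` against the file's URL).
"""
import re

CANARY_MARK = "CVE-2024-5125-canary"


def canary_svg() -> bytes:
    """Test SVG whose only side effect is setting document.title, carried by
    both an inline <script> and an on* handler (the two XSS vectors)."""
    return (
        '<svg xmlns="http://www.w3.org/2000/svg" width="8" height="8" '
        f"onload=\"document.title='{CANARY_MARK}'\">"
        f'<script>document.title="{CANARY_MARK}"</script>'
        '<rect width="8" height="8"/></svg>'
    ).encode()


_ACTIVE = re.compile(rb"<\s*script\b|\son[a-z]+\s*=", re.IGNORECASE)


def _csp_blocks_inline_script(csp: str) -> bool:
    """True if the policy stops inline <script> and on* handlers: a sandbox
    directive, or a script-src (else default-src) without 'unsafe-inline'."""
    directives = {}
    for directive in csp.split(";"):
        parts = directive.strip().split()
        if parts:
            directives[parts[0].lower()] = " ".join(parts[1:]).lower()
    if "sandbox" in directives:
        return True
    src = directives.get("script-src", directives.get("default-src"))
    return src is not None and "'unsafe-inline'" not in src


def assess_served_file(status: int, headers: dict, body: bytes) -> dict:
    """Vulnerable only if all three hold: active content survived, the file is
    rendered inline as SVG, and no CSP on that response blocks inline script."""
    if status != 200 or not body:
        return {"vulnerable": False, "findings": [f"file not served (HTTP {status})"]}
    h = {k.lower(): v for k, v in headers.items()}
    ctype = h.get("content-type", "").split(";")[0].strip().lower()
    active = _ACTIVE.search(body) is not None
    inline = ctype == "image/svg+xml" and "attachment" not in h.get("content-disposition", "").lower()
    unblocked = not _csp_blocks_inline_script(h.get("content-security-policy", ""))
    findings = [msg for cond, msg in (
        (active, "script or event handler survived in the served body"),
        (inline, "served inline as image/svg+xml without Content-Disposition: attachment"),
        (unblocked, "no CSP on the file response blocks inline script"),
    ) if cond]
    return {"vulnerable": active and inline and unblocked, "findings": findings}


# Constructed captures of the same canary served four different ways.
UNPATCHED = (200, {"Content-Type": "image/svg+xml"}, canary_svg())
SANITIZED = (200, {"Content-Type": "image/svg+xml"},
             b'<svg xmlns="http://www.w3.org/2000/svg" width="8" height="8"><rect width="8" height="8"/></svg>')
HARDENED = (200, {"Content-Type": "image/svg+xml",
                  "Content-Disposition": 'attachment; filename="canary.svg"',
                  "Content-Security-Policy": "default-src 'none'; sandbox"}, canary_svg())
REJECTED = (415, {"Content-Type": "application/json"}, b'{"error":"svg not allowed"}')

if __name__ == "__main__":
    for label, capture in [("unpatched", UNPATCHED), ("sanitized", SANITIZED),
                           ("hardened", HARDENED), ("rejected", REJECTED)]:
        print(label, assess_served_file(*capture))
```

Open the served URL directly as a top-level document when testing, not only where the webui embeds it: an <img> never executes SVG script, so a pass there says nothing about the direct link an attacker would send to a victim.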

📡 Detection & Monitoring

Log Indicators:

  • SVG uploads to the AI module, especially from accounts that do not normally upload images, or files whose content is SVG under another extension
  • Multiple failed upload attempts from one source in a short window (an attacker probing which file types are accepted)
  • Outbound requests from users' browsers to unexpected external domains right after an uploaded SVG is loaded (visible in proxy or egress logs, not in the webui's own logs)

Network Indicators:

  • 3xx responses from the lollms-webui instance whose Location header points to an external host
  • Script fetches from external origins triggered while an uploaded file is being rendered

SIEM Query (generic pattern; map file_extension and the URL field to your log schema):

source="lollms-webui" AND (file_extension=".svg" OR url_contains("redirect"))
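The log indicators and the redirect network indicator above as executable rules, added here as an example rather than lollms-webui code. The JSON-lines log schema and the instance hostname are assumptions (lollms-webui does not document a log format, so the fields stand in for whatever your reverse proxy or app log records), and the log lines are constructed.

```python
"""Detection rules for CVE-2024-5125 indicators (example code, not lollms-webui's).

Assumed schema per line: ts, ip, method, path, status, plus upload_name and
content_type on upload events and location on redirects.
"""
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta
from urllib.parse import urlsplit

INSTANCE_HOSTS = {"lollms.example.internal"}  # assumed: hostnames that belong to your instance
FAILED_UPLOAD_THRESHOLD = 4                   # rejected uploads per source IP ...
FAILED_UPLOAD_WINDOW = timedelta(seconds=60)  # ... within this window

# Constructed sample log: a benign upload, an SVG upload, an SVG disguised as
# .png, a burst of rejected uploads from one IP, and one external redirect.
SAMPLE_LOG = """\
{"ts":"2024-06-01T10:00:01Z","ip":"10.0.0.5","method":"POST","path":"/upload","status":200,"upload_name":"notes.txt","content_type":"text/plain"}
{"ts":"2024-06-01T10:00:05Z","ip":"10.0.0.9","method":"POST","path":"/upload","status":200,"upload_name":"logo.svg","content_type":"image/svg+xml"}
{"ts":"2024-06-01T10:00:07Z","ip":"10.0.0.9","method":"POST","path":"/upload","status":200,"upload_name":"pic.png","content_type":"image/svg+xml"}
{"ts":"2024-06-01T10:00:10Z","ip":"10.0.0.9","method":"POST","path":"/upload","status":400,"upload_name":"a.exe","content_type":"application/octet-stream"}
{"ts":"2024-06-01T10:00:12Z","ip":"10.0.0.9","method":"POST","path":"/upload","status":400,"upload_name":"b.exe","content_type":"application/octet-stream"}
{"ts":"2024-06-01T10:00:14Z","ip":"10.0.0.9","method":"POST","path":"/upload","status":415,"upload_name":"c.svg","content_type":"image/svg+xml"}
{"ts":"2024-06-01T10:00:16Z","ip":"10.0.0.9","method":"POST","path":"/upload","status":400,"upload_name":"d.exe","content_type":"application/octet-stream"}
{"ts":"2024-06-01T10:01:30Z","ip":"10.0.0.7","method":"GET","path":"/uploads/logo.svg","status":302,"location":"https://phish.example/login"}
{"ts":"2024-06-01T10:01:31Z","ip":"10.0.0.7","method":"GET","path":"/","status":302,"location":"/login"}
"""


def _parse(line: str) -> dict:
    rec = json.loads(line)
    rec["ts"] = datetime.fromisoformat(rec["ts"].replace("Z", "+00:00"))
    return rec


def is_svg_upload(rec: dict) -> bool:
    """SVG by extension or by declared type, so a renamed file still counts."""
    if rec.get("method") != "POST" or "upload_name" not in rec:
        return False
    name = rec["upload_name"].lower()
    return name.endswith((".svg", ".svgz")) or rec.get("content_type", "").startswith("image/svg")


def is_external_redirect(rec: dict) -> bool:
    """3xx whose Location leaves the instance; relative targets are ignored."""
    if not 300 <= rec.get("status", 0) < 400:
        return False
    host = urlsplit(rec.get("location", "")).hostname
    return host is not None and host not in INSTANCE_HOSTS


def detect(log_text: str) -> list:
    """Return (rule, ip, detail) alerts for the three indicators."""
    alerts = []
    failures = defaultdict(deque)  # ip -> timestamps of rejected uploads in window
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = _parse(line)
        if is_svg_upload(rec):
            alerts.append(("svg_upload", rec["ip"], rec["upload_name"]))
        if rec.get("method") == "POST" and "upload_name" in rec and rec["status"] >= 400:
            window = failures[rec["ip"]]
            window.append(rec["ts"])
            while window and rec["ts"] - window[0] > FAILED_UPLOAD_WINDOW:
                window.popleft()
            if len(window) == FAILED_UPLOAD_THRESHOLD:  # fire once per burst
                alerts.append(("failed_upload_burst", rec["ip"],
                               f"{len(window)} rejected uploads in {FAILED_UPLOAD_WINDOW.seconds}s"))
        if is_external_redirect(rec):
            alerts.append(("external_redirect", rec["ip"], rec["location"]))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(*alert)
```

The rejected c.svg still raises an svg_upload alert: a blocked attempt is evidence of probing even when the guard held.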
