Login Sign Up

CVE-2024-9900

6.1 MEDIUM
Cross-Site Scripting

📋 TL;DR

This Cross-Site Scripting (XSS) vulnerability in mudler/localai v2.21.1 allows attackers to inject malicious JavaScript code through the search functionality. When exploited, this can lead to session hijacking, cookie theft, or redirection to malicious sites. Users running the vulnerable version of localai are affected.

💻 Affected Systems

Products:
  • mudler/localai
Versions: v2.21.1
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with the search functionality enabled and accessible.

📦 What is this software?

Localai by Mudler

View all CVEs affecting Localai →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete account takeover through session cookie theft, data exfiltration, or installation of malware on user systems via browser exploitation.

🟠

Likely Case

Session hijacking leading to unauthorized access to user accounts and potential data theft.

🟢

If Mitigated

Limited impact with proper input validation and output encoding, potentially only affecting non-sensitive functionality.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

XSS vulnerabilities are commonly exploited and tooling exists for automated exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in commit a1634b219a4e52813e70ff07e6376a01449c4515

Vendor Advisory: https://github.com/mudler/localai/commit/a1634b219a4e52813e70ff07e6376a01449c4515

Restart Required: Yes

Instructions:

1. Update to the latest version of localai. 2. Apply the security patch from commit a1634b219a4e52813e70ff07e6376a01449c4515. 3. Restart the localai service.

🔧 Temporary Workarounds

Disable Search Functionality

all

Temporarily disable the search feature until patching is complete.

Modify configuration to disable search endpoints

Implement WAF Rules

all

Add web application firewall rules to block XSS payloads in search parameters.

Add WAF rule: Detect and block script tags and JavaScript in search parameters

🧯 If You Can't Patch

  • Implement strict Content Security Policy (CSP) headers to prevent script execution
  • Enable HTTP-only and secure flags on session cookies to limit impact

🔍 How to Verify

Check if Vulnerable:

Test search functionality with XSS payloads like <script>alert('XSS')</script> and check if script executes.

Check Version:

Check localai version in configuration or via API endpoint if available

Verify Fix Applied:

After patching, retest with XSS payloads to confirm they are properly sanitized and do not execute.

📡 Detection & Monitoring

Log Indicators:

  • Unusual search queries containing script tags or JavaScript code
  • Multiple failed search attempts with suspicious patterns

Network Indicators:

  • HTTP requests with script tags in search parameters
  • Unusual outbound connections from user browsers after search queries

SIEM Query:

search 'search' AND ('<script' OR 'javascript:' OR 'onerror=' OR 'onload=')

📊 Metadata

CVE ID: CVE-2024-9900
CVSS v3 Score: 6.1 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CWE: CWE-79
EPSS Score: 0.12% exploit probability (30.8th percentile)
Published: March 20, 2025
Last Updated: April 4, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-9900, you might also want to check these:

CVE-2021-39199 10.0

CVE-2021-39199 is a critical cross-site scripting (XSS) vulnerability in the remark-html Node.js lib...

Same vulnerability type (CWE-79)
CVE-2021-32671 10.0

This vulnerability in Flarum forum software allows attackers to inject malicious HTML/JavaScript int...

Same vulnerability type (CWE-79)
CVE-2021-32798 10.0

CVE-2021-32798 is a critical vulnerability in Jupyter Notebook that allows malicious notebook files ...

Same vulnerability type (CWE-79)