CVE-2025-3801 – Songquanpeng One-Api Cross Site Scripting Vulnerability

April 20, 2025

CVE ID : CVE-2025-3801

Published : April 19, 2025, 2:15 p.m. | 14 hours, 38 minutes ago

Description : A vulnerability was found in songquanpeng one-api up to 0.6.10. It has been classified as problematic. This affects an unknown part of the component System Setting Handler. The manipulation of the argument Homepage Content leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 2.4 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3804 – Thautwarm VSCode-Diana Jinja2 Template Handler Injection Vulnerability

Next Article CVE-2025-39587 – Stylemix Cost Calculator Builder SQL Injection

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

In MCP era API discoverability is now more important than ever

Black Myth: Wukong is coming to Xbox exactly one year after launching on PlayStation

Reddit wants to sue Anthropic for stealing its data, but the Claude AI manufacturers vow to “defend ourselves vigorously”

Satya Nadella says Microsoft makes money every time you use ChatGPT: “Every day that ChatGPT succeeds is a fantastic day”

Multiple reports suggest a Persona 4 Remake from Atlus will be announced during the Xbox Games Showcase

TC39 advances numerous proposals at latest meeting

TC39 advances numerous proposals at latest meeting

TypeBridge – zero ceremony, compile time rpc for client and server com

Simplify Cloud-Native Development with Quarkus Extensions

Black Myth: Wukong is coming to Xbox exactly one year after launching on PlayStation

Black Myth: Wukong is coming to Xbox exactly one year after launching on PlayStation

Reddit wants to sue Anthropic for stealing its data, but the Claude AI manufacturers vow to “defend ourselves vigorously”

Satya Nadella says Microsoft makes money every time you use ChatGPT: “Every day that ChatGPT succeeds is a fantastic day”

CVE-2025-3801 – Songquanpeng One-Api Cross Site Scripting Vulnerability

Fake Recruiter Emails Target CFOs Using Legit NetBird Tool Across 6 Global Regions

Qualcomm Fixes 3 Zero-Days Used in Targeted Android Attacks via Adreno GPU

Qwen Researchers Introduce CodeElo: An AI Benchmark Designed to Evaluate LLMs’ Competition-Level Coding Skills Using Human-Comparable Elo Ratings

This upcoming Xbox and PC dark fantasy RPG looks a bit too good to be true — Alkahest teases some incredible combat

Tool Overload: Why MSPs Are Still Drowning with Countless Cybersecurity Tools in 2024

Multiple reports suggest a Persona 4 Remake from Atlus will be announced during the Xbox Games Showcase

The best bamboo sheets for summer are 35% off for Memorial Day

Peux OS is an Arch-based Linux distribution

Perform a two-step database migration from an on-premises Oracle database to Amazon RDS for Oracle using RMAN

Critical Langflow Flaw Added to CISA KEV List Amid Ongoing Exploitation Evidence

CVE-2025-3801 – Songquanpeng One-Api Cross Site Scripting Vulnerability

Related Posts