GHSA-wvcx-j62q-45qw: XSS
First published: Sat Apr 19 2025(Updated: )
A vulnerability was found in songquanpeng one-api up to 0.6.10. It has been classified as problematic. This affects an unknown part of the component System Setting Handler. The manipulation of the argument Homepage Content leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| go/github.com/songquanpeng/one-api | <=0.6.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of GHSA-wvcx-j62q-45qw?
The severity of GHSA-wvcx-j62q-45qw is classified as problematic.
How do I fix GHSA-wvcx-j62q-45qw?
To fix GHSA-wvcx-j62q-45qw, upgrade the one-api package to a version later than 0.6.10.
What type of vulnerability is GHSA-wvcx-j62q-45qw?
GHSA-wvcx-j62q-45qw is a cross-site scripting (XSS) vulnerability affecting the System Setting Handler component.
Can GHSA-wvcx-j62q-45qw be exploited remotely?
Yes, GHSA-wvcx-j62q-45qw can be exploited remotely due to the manipulation of the Homepage Content argument.
Which software versions are affected by GHSA-wvcx-j62q-45qw?
GHSA-wvcx-j62q-45qw affects the one-api package up to version 0.6.10.
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-wvcx-j62q-45qw
- alias/CVE-2025-3801
- agent/software-canonical-lookup
- agent/weakness
- agent/source
- agent/severity
- agent/last-modified-date
- agent/references
- agent/softwarecombine
- agent/first-publish-date
- agent/type
- agent/description
- agent/event
- agent/tags
- collector/github-advisory
- package-manager/go