Lucene search
GitHub Advisory DatabaseGHSA-5JP3-WP5V-5363HistoryAug 08, 2024 - 12:31 a.m.
Open WebUI Stored Cross-Site Scripting Vulnerability
2024-08-0800:31:44
CWE-79
GitHub Advisory Database
github.com
6
webui
stored xss
vulnerability
attackers
malicious prompt
language model
arbitrary javascript
web page
software
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
AI Score
6.7
Confidence
Low
EPSS
0.001
Percentile
17.7%
Attackers can craft a malicious prompt that coerces the language model into executing arbitrary JavaScript in the context of the web page.
Affected configurations
Node
openwebuiopen_webuiRange≤0.1.105
| Vendor | Product | Version | CPE |
|---|---|---|---|
| openwebui | open_webui | * | cpe:2.3:a:openwebui:open_webui:*:*:*:*:*:*:*:* |
Related
vulnrichment
vulnrichment
CVE-2024-6706 Open WebUI Stored Cross-Site Scripting
2024-08-07 23:01:15
packetstorm
packetstorm
Open WebUI 0.1.105 Persistent Cross Site Scripting
2024-08-08 00:00:00
veracode
veracode
Cross Site Scripting (XSS)
2024-08-09 08:25:46
zdt
zdt
Open WebUI 0.1.105 Persistent Cross Site Scripting Vulnerability
2024-08-08 00:00:00
korelogic
korelogic
Open WebUI Stored Cross-Site Scripting
2024-08-07 00:00:00
cve
cve
CVE-2024-6706
2024-08-07 23:15:41
osv
osv
Open WebUI Stored Cross-Site Scripting Vulnerability
2024-08-08 00:31:44
cvelist
cvelist
CVE-2024-6706 Open WebUI Stored Cross-Site Scripting
2024-08-07 23:01:15
nvd
nvd
CVE-2024-6706
2024-08-07 23:15:41
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
AI Score
6.7
Confidence
Low
EPSS
0.001
Percentile
17.7%
Related for GHSA-5JP3-WP5V-5363