Lucene search
Bbf0bd87-ece2-41be-b873-96928ee8fab9NVD:CVE-2024-6706HistoryAug 07, 2024 - 11:15 p.m.
CVE-2024-6706
2024-08-0723:15:41
CWE-79
bbf0bd87-ece2-41be-b873-96928ee8fab9
web.nvd.nist.gov
4
attackers
malicious prompt
arbitrary javascript
web page
cve-2024-6706
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
17.7%
Attackers can craft a malicious prompt that coerces the language model into executing arbitrary JavaScript in the context of the web page.
Affected configurations
Node
openwebuiopen_webuiMatch0.1.105
debiandebian_linuxMatch12.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| openwebui | open_webui | 0.1.105 | cpe:2.3:a:openwebui:open_webui:0.1.105:*:*:*:*:*:*:* |
| debian | debian_linux | 12.0 | cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:* |
Related
vulnrichment
vulnrichment
CVE-2024-6706 Open WebUI Stored Cross-Site Scripting
2024-08-07 23:01:15
packetstorm
packetstorm
Open WebUI 0.1.105 Persistent Cross Site Scripting
2024-08-08 00:00:00
veracode
veracode
Cross Site Scripting (XSS)
2024-08-09 08:25:46
zdt
zdt
Open WebUI 0.1.105 Persistent Cross Site Scripting Vulnerability
2024-08-08 00:00:00
github
github
Open WebUI Stored Cross-Site Scripting Vulnerability
2024-08-08 00:31:44
korelogic
korelogic
Open WebUI Stored Cross-Site Scripting
2024-08-07 00:00:00
cve
cve
CVE-2024-6706
2024-08-07 23:15:41
osv
osv
Open WebUI Stored Cross-Site Scripting Vulnerability
2024-08-08 00:31:44
cvelist
cvelist
CVE-2024-6706 Open WebUI Stored Cross-Site Scripting
2024-08-07 23:01:15
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
17.7%
Related for NVD:CVE-2024-6706