Lucene search
GoogleOSV:GHSA-5JP3-WP5V-5363HistoryAug 08, 2024 - 12:31 a.m.
Open WebUI Stored Cross-Site Scripting Vulnerability
2024-08-0800:31:44
Google
osv.dev
4
webui
cross-site scripting
vulnerability
attackers
javascript
software
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
AI Score
6.8
Confidence
High
EPSS
0.001
Percentile
17.7%
Attackers can craft a malicious prompt that coerces the language model into executing arbitrary JavaScript in the context of the web page.
Related
vulnrichment
vulnrichment
CVE-2024-6706 Open WebUI Stored Cross-Site Scripting
2024-08-07 23:01:15
packetstorm
packetstorm
Open WebUI 0.1.105 Persistent Cross Site Scripting
2024-08-08 00:00:00
github
github
Open WebUI Stored Cross-Site Scripting Vulnerability
2024-08-08 00:31:44
korelogic
korelogic
Open WebUI Stored Cross-Site Scripting
2024-08-07 00:00:00
veracode
veracode
Cross Site Scripting (XSS)
2024-08-09 08:25:46
zdt
zdt
Open WebUI 0.1.105 Persistent Cross Site Scripting Vulnerability
2024-08-08 00:00:00
cve
cve
CVE-2024-6706
2024-08-07 23:15:41
cvelist
cvelist
CVE-2024-6706 Open WebUI Stored Cross-Site Scripting
2024-08-07 23:01:15
nvd
nvd
CVE-2024-6706
2024-08-07 23:15:41
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
AI Score
6.8
Confidence
High
EPSS
0.001
Percentile
17.7%
Related for OSV:GHSA-5JP3-WP5V-5363