6 matches found
Cross-site Scripting (XSS)
Overview: open-webui is an Open WebUI. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the HTML rendering view. An attacker can execute arbitrary HTML or JavaScript in the user's context by injecting malicious scripts into embedded file in the chat that later shared...
EUVD-2024-27011
Malicious code in bioql PyPI...
Session fixation
Session version 1.17.5 allows obtaining internal application files and public files from the user's device without the user's consent. This is possible because the application is vulnerable to Local File Read via chat attachments...
CVE-2024-2045 Session 1.17.5 - LFR via chat attachment
Session version 1.17.5 allows obtaining internal application files and public files from the user's device without the user's consent. This is possible because the application is vulnerable to Local File Read via chat attachments...
PT-2024-18665 · Session · Session
Name of the Vulnerable Software and Affected Versions: Session version 1.17.5. Description: The application is vulnerable to Local File Read via chat attachments, allowing internal application files and public files from the user's device to be obtained without the user's consent. Recommendations:...
CVE-2019-1877
A vulnerability in the HTTP API of Cisco Enterprise Chat and Email could allow an unauthenticated, remote attacker to download files attached through chat sessions. The vulnerability is due to insufficient authentication mechanisms on the file download function of the API. An attacker could explo...