7 matches found

EUVD
added 2026/05/15 8:33 p.m. · 6 views

EUVD-2026-30630

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, the POST /api/v1/evaluations/feedback endpoint in Open WebUI v0.9.2 is vulnerable to mass assignment via FeedbackForm, which uses model_config = ConfigDict(extra='allow'). Due to an...

5.4 CVSS · 5.9 AI score · 0.00032 EPSS
Exploits 1 · References 1
ATTACKERKB
added 2026/05/15 8:33 p.m. · 6 views

CVE-2026-45396

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, the POST /api/v1/evaluations/feedback endpoint in Open WebUI v0.9.2 is vulnerable to mass assignment via FeedbackForm, which uses model_config = ConfigDict(extra='allow'). Due to an...

5.4 CVSS · 5.9 AI score · 0.00032 EPSS
Exploits 1 · References 2 · Affected Software 1
Cvelist
added 2026/05/15 8:33 p.m. · 32 views

CVE-2026-45396 Open WebUI: Mass Assignment via FeedbackForm extra=allow Allows Feedback User ID Spoofing and Evaluation Data Manipulation

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, the POST /api/v1/evaluations/feedback endpoint in Open WebUI v0.9.2 is vulnerable to mass assignment via FeedbackForm, which uses model_config = ConfigDict(extra='allow'). Due to an...

5.4 CVSS · 0.00032 EPSS
Exploits 1 · References 1
Cvelist
added 2025/12/09 8:35 p.m. · 17 views

CVE-2021-47702 OpenBMCS Cross Site Request Forgery (CSRF) via sendFeedback.php

OpenBMCS 2.4 contains a CSRF vulnerability that allows attackers to perform actions with administrative privileges by exploiting the sendFeedback.php endpoint. Attackers can submit malicious requests to trigger unintended actions, such as sending emails or modifying system settings...

5.3 CVSS · 0.00049 EPSS
Exploits 2 · References 4
CNNVD
added 2025/12/09 12:0 a.m. · 2 views

OpenBMCS Cross-Site Request Forgery Vulnerability

OpenBMCS is a building management and control system from OpenBMCS Australia. A cross-site request forgery vulnerability exists in OpenBMCS version 2.4, which stems from a cross-site request forgery issue in the sendFeedback.php endpoint that could lead to the execution of an administrator action...

5.3 CVSS · 6.8 AI score · 0.00049 EPSS
Exploits 2 · References 5
Positive Technologies
added 2025/11/17 12:0 a.m. · 4 views

PT-2025-47171

Name of the Vulnerable Software and Affected Versions: kashipara School Management System version 1.0 Description: The software is susceptible to Cross Site Scripting (XSS) attacks. The issue is located in the /client user/feedback.php endpoint. An attacker could potentially inject malicious scripts...

6.1 CVSS · 5.9 AI score · 0.00033 EPSS
Exploits 1 · References 4
Positive Technologies
added 2024/08/09 12:0 a.m. · 2 views

PT-2024-28865 · Unknown · Kashipara Online Exam System

Name of the Vulnerable Software and Affected Versions: Kashipara Online Exam System version 1.0 Description: A Stored Cross Site Scripting (XSS) issue was found in the "/admin/afeedback.php" endpoint, allowing remote attackers to execute arbitrary code via the rname and email parameter fields. This...

5.4 CVSS · 6.6 AI score · 0.00417 EPSS
Exploits 1 · References 4