Lucene search
K

5 matches found

NVD
NVD
added 2026/06/23 6:18 p.m.15 views

CVE-2026-54011

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6,Open WebUI renders Mermaid blocks from Markdown files in the file preview panel and inserts the generated SVG into the DOM using innerHTML. Because Mermaid is configured with...

8.7CVSS0.002EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/06/23 4:47 p.m.6 views

CVE-2026-54011

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6,Open WebUI renders Mermaid blocks from Markdown files in the file preview panel and inserts the generated SVG into the DOM using innerHTML. Because Mermaid is configured with...

8.7CVSS6AI score0.002EPSS
Exploits1References2Affected Software1
Snyk
Snyk
added 2026/06/17 2:14 p.m.4 views

Cross-site Scripting (XSS)

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Cross-site Scripting XSS in the Markdown file preview process when rendering Mermaid blocks with a permissive security configuration. An attacker can execute arbitrary JavaScript in the context of the victim'...

8.7CVSS5.9AI score0.002EPSS
Exploits1References2
EUVD
EUVD
added 2026/04/16 11:0 p.m.5 views

EUVD-2026-23330

SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and below, Mermaid diagrams are rendered with securityLevel set to "loose", and the resulting SVG is injected into the DOM via innerHTML. This allows attacker-controlled javascript: URLs in Mermaid code blocks to...

9CVSS6.4AI score0.00306EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/01/29 11:15 p.m.1 views

CVE-2022-24123

MarkText through 0.16.3 does not sanitize the input of a mermaid block before rendering. This could lead to Remote Code Execution via a .md file containing a mutation Cross-Site Scripting XSS payload...

9CVSS5.5AI score0.01945EPSS
Exploits1References3
Rows per page
Query Builder