53 matches found
CVE-2025-0192 Stored Cross-site Scripting (XSS) in wandb/openui
A stored Cross-site Scripting (XSS) vulnerability exists in the latest version of wandb/openui. The vulnerability is present in the edit HTML functionality, where an attacker can inject malicious scripts. When the modified HTML is shared with another user, the XSS payload executes, potentially...
CVE-2025-0192
CVE-2025-0192 describes a stored XSS in wandb/openui’s edit HTML functionality. The vulnerability allows injection of malicious scripts when modified HTML is shared with another user, potentially exposing prompt history and other sensitive data. Connected sources confirm the issue and its impact ...
OpenUI Cross-Site Scripting Vulnerability
OpenUI is a UI program open-sourced by Weights & Biases. A cross-site scripting vulnerability exists in OpenUI, which stems from a stored cross-site scripting vulnerability in the Edit HTML function that could lead to the theft of a user's alert history and other sensitive information...
CVE-2024-10649
CVE-2024-10649 affects wandb/openui (commit c945bb859979659add5f490a874140ad17c56a5d). The vulnerability arises from unauthenticated endpoints that allow uploading and downloading files to an AWS S3 bucket via the /v1/share/{id:str} endpoints, enabling potential denial of service, stored XSS, and...
OpenUI Access Control Error Vulnerability
OpenUI is a UI program open-sourced by Weights & Biases. OpenUI has an access control error vulnerability that stems from an unauthenticated endpoint allowing file uploads to and downloads from an AWS S3 bucket, which can lead to denial of service, stored cross-site scripting, and...
Oracle Siebel Remote Vulnerability
Oracle Siebel is a customer relationship management software. Oracle Siebel has a remote security vulnerability in Siebel UI Framework. The vulnerability can be exploited by an attacker via 'HTTP' and the 'OpenUI' subcomponent is affected...
CVE-2016-5560
Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 16.1 allows remote authenticated users to affect confidentiality and integrity via vectors related to OpenUI...
Design/Logic Flaw
Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 16.1 allows remote authenticated users to affect confidentiality and integrity via vectors related to OpenUI...
CVE-2016-5560
CVE-2016-5560 affects Oracle Siebel CRM, specifically the Siebel UI Framework component (OpenUI) in Siebel CRM 16.1. The vulnerability allows remote authenticated users to affect confidentiality and integrity via OpenUI vectors. The available connected sources corroborate OpenUI exposure, but do ...
Unspecified Vulnerability in Oracle Siebel CRM Siebel UI Framework Component (CNVD-2016-09894)
Oracle Siebel CRM is a suite of customer relationship management solutions from the US company Oracle, which includes sales management, marketing management, customer service systems, call centers and other modules. A remote security vulnerability exists in the OpenUI subcomponent of t...