Open WebUI Vulnerable to Stored DOM XSS via Note 'Download PDF'
Summary: A Stored XSS vulnerability has been discovered in Open-WebUI's Notes PDF download functionality. An attacker can import a Markdown file containing malicious SVG tags into Notes, allowing them to execute arbitrary JavaScript code and steal session tokens when a victim downloads the note as...
EUVD-2025-201263
Open WebUI Vulnerable to Stored DOM XSS via Note 'Download PDF'...
CVE-2025-65959
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.37, a Stored XSS vulnerability was discovered in Open-WebUI's Notes PDF download functionality. An attacker can import a Markdown file containing malicious SVG tags into Notes, allowing...
CVE-2025-65959
CVE-2025-65959 concerns a stored XSS in Open WebUI’s Notes PDF download feature. The vulnerability arises when HTML content from a Markdown note is assigned directly to innerHTML during PDF generation, enabling arbitrary JavaScript execution (e.g., SVG-based payloads) and session-token theft. Exp...
PT-2025-49146
Name of the Vulnerable Software and Affected Versions: Open WebUI versions prior to 0.6.37. Description: Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. A Stored Cross-Site Scripting (XSS) issue was identified in the Notes PDF download functionality. ...
CVE-2020-36867
Nagios XI versions prior to 5.7.3 contain a command injection vulnerability in the report PDF download/export functionality. User-supplied values used in the PDF generation pipeline or the wrapper that invokes offline/pdf helper utilities were insufficiently validated or improperly escaped,...
PT-2025-41469
Name of the Vulnerable Software and Affected Versions: Newforma Info Exchange (NIX) versions prior to 2023.1. Description: Newforma Info Exchange (NIX) allows authenticated users to read and delete arbitrary files with 'NT AUTHORITY\NetworkService' privileges through requests to the...
EUVD-2019-1999
Malware in sbrugna...
Important: thunderbird
Issue Overview: A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's desktop or home directory without prompting, even if auto-saving is disabled. This behavior can be abused to fill the disk with garbage data e.g. using /dev/urando...
SUSE CVE-2025-5986
A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's desktop or home directory without prompting, even if auto-saving is disabled. This behavior can be abused to fill the disk with garbage data e.g. using /dev/urandom on Linux or to...
CVE-2024-11133
The Eventer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'handlepdfdownloadrequest' function in all versions up to, and including, 3.9.9. This makes it possible for unauthenticated attackers to download event tickets...
CVE-2024-9430 Get Quote For Woocommerce – Request A Quote For Woocommerce <= 1.0.0 - Missing Authorization to Unauthenticated Quote PDF and CSV Download
The Get Quote For Woocommerce – Request A Quote For Woocommerce plugin for WordPress is vulnerable to unauthorized access of Quote data due to a missing capability check on the cttepfwwploaded function in all versions up to, and including, 1.0.0. This makes it possible for unauthenticated attacke...
PT-2024-36524 · Devika · Devika
Name of the Vulnerable Software and Affected Versions: stitutionai/devika repository version latest Description: A directory traversal issue exists in the "/api/download-project-pdf" endpoint due to insufficient sanitization of the project name parameter in the download project pdf function. This...
CVE-2024-3585 Send PDF for Contact Form 7 <= 1.0.2.3 - Missing Authorization
The Send PDF for Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of form submissions due to a missing capability check on the hooks function in all versions up to, and including, 1.0.2.3. This makes it possible for unauthenticated attackers to download information about...
CVE-2021-23203
Improper access control in reporting engine of Odoo Community 14.0 through 15.0, and Odoo Enterprise 14.0 through 15.0, allows remote attackers to download PDF reports for arbitrary documents, via crafted requests...
CVE-2020-26173
An incorrect access control implementation in Tangro Business Workflow before 1.18.1 allows an attacker to download documents (PDF) by providing a valid document ID and token. No further authentication is required...
Information disclosure
An incorrect access control implementation in Tangro Business Workflow before 1.18.1 allows an attacker to download documents (PDF) by providing a valid document ID and token. No further authentication is required...
CVE-2020-26173
CVE-2020-26173 concerns Tangro Business Workflow (versions before 1.18.1) with an incorrect access control implementation that lets an attacker download documents (PDF) by supplying a valid document ID and token. No further authentication is required, enabling information disclosure of documents ...
Client PDF Download Detection
Binary data 5351.prm...