2982 matches found

Source: Cvelist · added 2025/03/20 10:10 a.m. · 8 views

CVE-2024-7983 Denial of Service in open-webui/open-webui

In version 0.3.8 of open-webui, an endpoint for converting markdown to HTML is exposed without authentication. A maliciously crafted markdown payload can cause the server to spend excessive time converting it, leading to a denial of service. The server becomes unresponsive to other requests until...

CVSS 7.5 · EPSS 0.00811 · Exploits 1 · References 1

Source: Vulnrichment · added 2025/03/20 10:10 a.m. · 4 views

CVE-2024-7983 Denial of Service in open-webui/open-webui

In version 0.3.8 of open-webui, an endpoint for converting markdown to HTML is exposed without authentication. A maliciously crafted markdown payload can cause the server to spend excessive time converting it, leading to a denial of service. The server becomes unresponsive to other requests until...

CVSS 7.5 · AI score 7.4 · EPSS 0.00811 · Exploits 1 · References 1

Source: CVE · added 2025/03/20 10:10 a.m. · 47 views

CVE-2024-7983

Open-WebUI 0.3.8 exposes an unauthenticated markdown-to-HTML endpoint (likely /api/v1/utils/markdown). A crafted payload can cause high CPU/time consumption, rendering the server unresponsive (DoS). Remediation: upgrade to open-webui version 0.5.13 or newer.

CVSS 7.5 · AI score 7.4 · EPSS 0.00811 · Exploits 1 · References 1 · Affected Software 1

Source: Cvelist · added 2025/03/20 10:10 a.m. · 9 views

CVE-2024-7044 Stored XSS in open-webui/open-webui

A Stored Cross-Site Scripting XSS vulnerability exists in the chat file upload functionality of open-webui/open-webui version 0.3.8. An attacker can inject malicious content into a file, which, when accessed by a victim through a URL or shared chat, executes JavaScript in the victim's browser. Th...

CVSS 6.8 · EPSS 0.00477 · Exploits 1 · References 1

Source: Vulnrichment · added 2025/03/20 10:10 a.m. · 6 views

CVE-2024-7044 Stored XSS in open-webui/open-webui

A Stored Cross-Site Scripting XSS vulnerability exists in the chat file upload functionality of open-webui/open-webui version 0.3.8. An attacker can inject malicious content into a file, which, when accessed by a victim through a URL or shared chat, executes JavaScript in the victim's browser. Th...

CVSS 6.8 · AI score 5.9 · EPSS 0.00477 · Exploits 1 · References 1

Source: CVE · added 2025/03/20 10:10 a.m. · 47 views

CVE-2024-7044

Open WebUI vulnerable to Stored XSS (CVE-2024-7044) in open-webui/open-webui v0.3.8 via chat file upload. An attacker can inject malicious content into a file that, when accessed by a victim (via URL or shared chat), executes JavaScript in the browser, enabling user data theft, session hijacking,...

CVSS 8.9 · AI score 5.9 · EPSS 0.00477 · Exploits 1 · References 1 · Affected Software 1

Source: Cvelist · added 2025/03/20 10:10 a.m. · 15 views

CVE-2024-12868

...

Exploits 0

Source: CVE · added 2025/03/20 10:10 a.m. · 41 views

CVE-2024-12868

CVE-2024-12868 is rejected and should not be used; reference CVE-2024-47874.

AI score 7.3 · Exploits 0

Source: Vulnrichment · added 2025/03/20 10:10 a.m. · 8 views

CVE-2024-12868

...

AI score 7.5 · Exploits 0

Source: Vulnrichment · added 2025/03/20 10:10 a.m. · 5 views

CVE-2024-7045 Improper Access Control in open-webui/open-webui

In version v0.3.8 of open-webui/open-webui, improper access control vulnerabilities allow an attacker to view any prompts. The application does not verify whether the attacker is an administrator, allowing the attacker to directly call the /api/v1/prompts/ interface to retrieve all prompt...

CVSS 4.3 · AI score 4.9 · EPSS 0.00401 · Exploits 1 · References 1

Source: Cvelist · added 2025/03/20 10:10 a.m. · 14 views

CVE-2024-7045 Improper Access Control in open-webui/open-webui

In version v0.3.8 of open-webui/open-webui, improper access control vulnerabilities allow an attacker to view any prompts. The application does not verify whether the attacker is an administrator, allowing the attacker to directly call the /api/v1/prompts/ interface to retrieve all prompt...

CVSS 4.3 · EPSS 0.00401 · Exploits 1 · References 1

Source: CVE · added 2025/03/20 10:10 a.m. · 80 views

CVE-2024-7045

In open-webui/open-webui v0.3.8, an improper access-control vulnerability allows attackers to read prompts via unauthenticated/admin verification by calling /api/v1/prompts/ to retrieve admin-created prompt data (including IDs) and then /api/v1/prompts/command/{command_id} for additional prompt i...

CVSS 4.3 · AI score 4.9 · EPSS 0.00401 · Exploits 1 · References 1 · Affected Software 1

Source: Cvelist · added 2025/03/20 10:10 a.m. · 12 views

CVE-2024-10019 Path Traversal and OS Command Injection in parisneo/lollms-webui

A vulnerability in the startappserver function of parisneo/lollms-webui V12 Strawberry allows for path traversal and OS command injection. The function does not properly sanitize the appname parameter, enabling an attacker to upload a malicious server.py file and execute arbitrary code by...

CVSS 6.3 · EPSS 0.00796 · Exploits 1 · References 1

Source: Vulnrichment · added 2025/03/20 10:10 a.m. · 8 views

CVE-2024-10019 Path Traversal and OS Command Injection in parisneo/lollms-webui

A vulnerability in the startappserver function of parisneo/lollms-webui V12 Strawberry allows for path traversal and OS command injection. The function does not properly sanitize the appname parameter, enabling an attacker to upload a malicious server.py file and execute arbitrary code by...

CVSS 6.3 · AI score 7.1 · EPSS 0.00796 · Exploits 1 · References 1

Source: CVE · added 2025/03/20 10:10 a.m. · 46 views

CVE-2024-10019

The CVE-2024-10019 entry concerns parisneo/lollms-webui V12 (Strawberry), where the start_app_server function does not sanitize the app_name parameter, enabling path traversal and OS command injection. This can allow an attacker to upload a malicious server.py and run arbitrary code. Connected so...

CVSS 6.7 · AI score 7.1 · EPSS 0.00796 · Exploits 1 · References 1 · Affected Software 1

Source: Cvelist · added 2025/03/20 10:10 a.m. · 28 views

CVE-2024-11045 Cross-Site WebSocket Hijacking (CSWSH) in automatic1111/stable-diffusion-webui

A Cross-Site WebSocket Hijacking CSWSH vulnerability in automatic1111/stable-diffusion-webui version 1.10.0 allows an attacker to clone a malicious server extension from a GitHub repository. The vulnerability arises from the lack of proper validation on WebSocket connections at...

CVSS 9.6 · EPSS 0.00375 · Exploits 1 · References 1

Source: CVE · added 2025/03/20 10:10 a.m. · 45 views

CVE-2024-11045

The CVE-2024-11045 CSWSH issue affects automatic1111/stable-diffusion-webui 1.10.0, where lack of validation for WebSocket connections at ws://127.0.0.1:7860/queue/join enables unauthorized actions such as cloning server extensions, running malicious scripts, data exfiltration, and potential DoS....

CVSS 9.6 · AI score 9 · EPSS 0.00375 · Exploits 1 · References 1 · Affected Software 1

Source: Vulnrichment · added 2025/03/20 10:10 a.m. · 9 views

CVE-2024-11045 Cross-Site WebSocket Hijacking (CSWSH) in automatic1111/stable-diffusion-webui

A Cross-Site WebSocket Hijacking CSWSH vulnerability in automatic1111/stable-diffusion-webui version 1.10.0 allows an attacker to clone a malicious server extension from a GitHub repository. The vulnerability arises from the lack of proper validation on WebSocket connections at...

CVSS 9.6 · AI score 9 · EPSS 0.00375 · Exploits 1 · References 1

Source: Cvelist · added 2025/03/20 10:10 a.m. · 15 views

CVE-2024-9920 Unrestricted File Upload and Execution in parisneo/lollms-webui

In version v12 of parisneo/lollms-webui, the 'Send file to AL' function allows uploading files with various extensions, including potentially dangerous ones like .py, .sh, .bat, and more. Attackers can exploit this by uploading files with malicious content and then using the '/openfile' API...

CVSS 6.6 · EPSS 0.01247 · Exploits 1 · References 1

Source: CVE · added 2025/03/20 10:10 a.m. · 78 views

CVE-2024-9920

CVE-2024-9920 affects parisneo/lollms-webui (v12). The vulnerability occurs in the “Send file to AL” feature, which accepts file uploads with extensions such as .py/.sh/.bat and then can execute them via the /open_file endpoint. Root cause: files are opened with subprocess.Popen without proper va...

CVSS 8.8 · AI score 7.1 · EPSS 0.01247 · Exploits 1 · References 1 · Affected Software 1