CVE-2026-45665 Open WebUI: Stored XSS in Banner Component via Improper Sanitization Order

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, a Stored Cross-Site Scripting XSS vulnerability exists in the Banner component due to an improper sanitization order specifically, DOMPurify is executed before the marked library. Th...

PT-2026-41198

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.8.0 Description A Stored Cross-Site Scripting XSS issue exists in the Banner component due to an improper sanitization order where DOMPurify.sanitize is executed before marked.parse. This allows a malicious...

PT-2025-41199

Name of the Vulnerable Software and Affected Versions OPEXUS FOIAXpress versions prior to 11.13.3.0 Description An administrative user can inject JavaScript or other content into the Annual Report Enterprise Banner image upload field. This injected content is executed when other users generate an...

The vulnerability of the NX-OS network operating system allows a hacker to induce a maintenance failure.

The vulnerability of the NX-OS network operating system’s banner implementation is related to resource management errors. Exploiting this vulnerability allows a malicious actor to remotely cause service failures by manipulating requests to establish Telnet sessions...

Cisco Nexus and MDS NX-OS Denial of Service Vulnerabilities

Cisco NX-OS on Nexus 4000 devices, etc. and MDS 9000 devices is the United States Cisco Cisco company's set of operating system running in the Nexus 4000 and other series of switch equipment and MDS 9000 series of fiber optic switch equipment. A security vulnerability exists in the implementation...