Lucene search

18 matches found

RedhatCVE
added 6 days ago · 5 views

CVE-2026-42277

Onyx is an open-source AI platform. Prior to versions 3.0.9, 3.1.6, and 3.2.6, the GET /chat/file/{file_id} endpoint allows any authenticated user to download any other user's uploaded files by providing the file UUID. The endpoint verifies the caller is authenticated but never checks that the file...

6.5 CVSS · 5.3 AI score · 0.00038 EPSS
Exploits 0 · References 1
Cvelist
added 2026/05/17 12:15 p.m. · 38 views

CVE-2026-8754 AstrBotDevs AstrBot File Upload chat.py post_file path traversal

A vulnerability was detected in AstrBotDevs AstrBot up to 4.23.5. Impacted is the function post_file of the file astrbot/dashboard/routes/chat.py of the component File Upload Handler. The manipulation of the argument filename results in path traversal. It is possible to launch the attack remotely...

6.5 CVSS · 0.00028 EPSS
Exploits 0 · References 7
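The entry above describes the classic shape of an upload path traversal: a client-supplied filename is joined onto the upload directory and never checked. The following is an added illustration written for this listing; it is not AstrBot's code, and the upload root `/srv/astrbot/uploads` is a hypothetical value chosen for the example. It shows the vulnerable join beside a hardened version that refuses separators and `..`, whitelists characters, and then re-checks that the resolved path is still inside the upload directory.

```python
import os
import re

# Hypothetical upload root for this example; not AstrBot's real configuration.
UPLOAD_DIR = "/srv/astrbot/uploads"

_UNSAFE_CHARS = re.compile(r"[^A-Za-z0-9._-]")


def upload_path_vulnerable(base_dir: str, filename: str) -> str:
    """The pattern the advisory describes: a client-controlled filename joined
    straight onto the upload directory. '..' segments walk out of base_dir,
    and an absolute filename makes os.path.join discard base_dir entirely."""
    return os.path.normpath(os.path.join(base_dir, filename))


def sanitize_filename(filename: str) -> str:
    """Reduce a user-supplied name to one safe path component, or refuse.
    Both separators are rejected so a Windows-style '..\\' is caught even on
    POSIX, where os.path.basename would leave it intact."""
    if "/" in filename or "\\" in filename or "\x00" in filename:
        raise ValueError("path separator or NUL in filename")
    name = _UNSAFE_CHARS.sub("_", filename).strip("._")  # no '..', no dotfiles
    if not name:
        raise ValueError("filename has no usable characters")
    return name


def upload_path_fixed(base_dir: str, filename: str) -> str:
    """Sanitize, join, then re-verify that the resolved path is still inside
    base_dir. The containment check is the one to keep: it holds even if the
    sanitizer is later loosened or bypassed through an encoding it misses."""
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, sanitize_filename(filename)))
    if os.path.commonpath([base, target]) != base:
        raise ValueError("resolved path escapes the upload directory")
    return target


def run_cases() -> dict:
    """Constructed attacker filenames; returns what each variant does with them."""
    cases = ["report.pdf", "../../../etc/passwd", "/etc/passwd", "..\\..\\win.ini", ".."]
    out = {}
    for name in cases:
        vuln = upload_path_vulnerable(UPLOAD_DIR, name)
        try:
            fixed = upload_path_fixed(UPLOAD_DIR, name)
        except ValueError:
            fixed = "REJECTED"
        out[name] = {
            "vulnerable": vuln,
            # On POSIX the backslash case stays inside; on Windows it would escape.
            "vulnerable_escapes": os.path.commonpath([UPLOAD_DIR, vuln]) != UPLOAD_DIR,
            "fixed": fixed,
        }
    return out


if __name__ == "__main__":
    for name, result in run_cases().items():
        print(repr(name), result)
```

The character whitelist is deliberately strict; if a deployment needs to preserve original names for display, store the sanitized name on disk and the original name in the database, never the other way round.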
NVD
added 2026/05/08 5:16 a.m. · 7 views

CVE-2026-42277

Onyx is an open-source AI platform. Prior to versions 3.0.9, 3.1.6, and 3.2.6, the GET /chat/file/{file_id} endpoint allows any authenticated user to download any other user's uploaded files by providing the file UUID. The endpoint verifies the caller is authenticated but never checks that the file...

6.5 CVSS · 0.00038 EPSS
Exploits 0 · References 1
ATTACKERKB
added 2026/05/08 3:51 a.m. · 5 views

CVE-2026-42277

Onyx is an open-source AI platform. Prior to versions 3.0.9, 3.1.6, and 3.2.6, the GET /chat/file/{file_id} endpoint allows any authenticated user to download any other user's uploaded files by providing the file UUID. The endpoint verifies the caller is authenticated but never checks that the file...

6.5 CVSS · 5.7 AI score · 0.00038 EPSS
Exploits 0 · References 2 · Affected Software 1
CVE
added 2026/05/08 3:51 a.m. · 8 views

CVE-2026-42277

Onyx (open-source AI platform) contains an IDOR in the GET /chat/file/{file_id} endpoint. Before versions 3.0.9, 3.1.6, and 3.2.6, any authenticated user could download another user's uploaded files by supplying the file's UUID, because authentication is checked but ownership is not. The vulnerab...

6.5 CVSS · 5.7 AI score · 0.00038 EPSS
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2026/05/08 3:51 a.m. · 30 views

CVE-2026-42277 Onyx: IDOR in /chat/file/{file_id} allows any authenticated user to download other users files

Onyx is an open-source AI platform. Prior to versions 3.0.9, 3.1.6, and 3.2.6, the GET /chat/file/{file_id} endpoint allows any authenticated user to download any other user's uploaded files by providing the file UUID. The endpoint verifies the caller is authenticated but never checks that the file...

6.5 CVSS · 0.00038 EPSS
Exploits 0 · References 1
CNNVD
added 2026/05/08 12:00 a.m. · 6 views

Onyx security vulnerability

Onyx is an open-source AI large model platform developed by Onyx. Vulnerabilities exist in versions prior to Onyx 3.0.9, 3.1.6, and 3.2.6. These vulnerabilities stem from the GET /chat/file/{file_id} endpoint, which validates the caller's identity but does not check file ownership. This could allow...

6.5 CVSS · 5.8 AI score · 0.00038 EPSS
Exploits 0 · References 1
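Every CVE-2026-42277 entry above makes the same point: the handler checks that the caller is authenticated, then looks the file up by UUID alone, so authentication is present but object-level authorization is missing. The example below is added for this listing and is not Onyx's code; the in-memory `FileStore` and the user ids `alice` and `bob` are constructed stand-ins. It places the vulnerable lookup beside the fixed one and shows why "missing" and "not yours" should collapse into the same 404.

```python
import uuid
from dataclasses import dataclass, field


@dataclass
class StoredFile:
    file_id: str
    owner_id: str
    name: str
    content: bytes


@dataclass
class FileStore:
    """Constructed in-memory stand-in for the platform's file table; it is not
    Onyx's real data model. The point is that each record carries the
    uploader's id, so ownership is available to check at download time."""
    files: dict = field(default_factory=dict)

    def add(self, owner_id: str, name: str, content: bytes) -> str:
        file_id = str(uuid.uuid4())
        self.files[file_id] = StoredFile(file_id, owner_id, name, content)
        return file_id


class NotFound(Exception):
    """Maps to HTTP 404."""


def get_file_vulnerable(store: FileStore, current_user_id: str, file_id: str) -> bytes:
    """The bug class in the advisory: the handler proves the caller is *some*
    authenticated user, then resolves the file by UUID alone. Any user who
    learns or guesses a UUID gets anyone's file."""
    if not current_user_id:
        raise PermissionError("unauthenticated")  # 401
    rec = store.files.get(file_id)
    if rec is None:
        raise NotFound(file_id)
    return rec.content


def get_file_fixed(store: FileStore, current_user_id: str, file_id: str) -> bytes:
    """Same lookup with the object-level authorization check added."""
    if not current_user_id:
        raise PermissionError("unauthenticated")
    rec = store.files.get(file_id)
    # One branch for 'does not exist' and 'belongs to someone else': same
    # status, same message, so the endpoint does not confirm which UUIDs exist.
    if rec is None or rec.owner_id != current_user_id:
        raise NotFound(file_id)
    return rec.content


def run_demo() -> dict:
    """Constructed scenario: alice uploads a file; bob, authenticated but not
    the owner, requests it by UUID from both handlers."""
    store = FileStore()
    secret = b"alice's private notes"
    fid = store.add("alice", "notes.txt", secret)
    leaked = get_file_vulnerable(store, "bob", fid) == secret
    try:
        get_file_fixed(store, "bob", fid)
        blocked = False
    except NotFound:
        blocked = True
    owner_ok = get_file_fixed(store, "alice", fid) == secret
    return {"vulnerable_leaks": leaked, "fixed_blocks": blocked, "owner_still_works": owner_ok}


if __name__ == "__main__":
    print(run_demo())
```

A real chat platform usually also has to serve a file to other members of the chat it was attached to; that is expressed by widening the single authorization branch (owner, or member of a session the file belongs to), never by falling back to "any authenticated user". Putting the check in the data-access layer rather than in one route means every endpoint that resolves a file id inherits it.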
EUVD
added 2025/10/03 8:07 p.m. · 1 view

EUVD-2024-33312

Malicious code in bioql PyPI...

7.5 CVSS · 6.6 AI score · 0.00062 EPSS
Exploits 1 · References 5
Snyk
added 2025/03/20 12:32 p.m. · 4 views

Cross-site Scripting (XSS)

Overview: the open-webui package is Open WebUI. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the chat file upload functionality. An attacker can inject malicious scripts or content into a file, which, when accessed by a victim through a URL or shared chat, executes...

8.9 CVSS · 6.2 AI score · 0.00151 EPSS
Exploits 1 · References 2
Github Security Blog
added 2025/03/20 12:32 p.m. · 6 views

Open WebUI Vulnerable to Cross-Site Scripting (XSS) via Chat File Upload

A Stored Cross-Site Scripting XSS vulnerability exists in the chat file upload functionality of open-webui/open-webui version 0.3.8. An attacker can inject malicious content into a file, which, when accessed by a victim through a URL or shared chat, executes JavaScript in the victim's browser. Th...

8.9 CVSS · 5.9 AI score · 0.00151 EPSS
Exploits 1 · References 3 · Affected Software 1
OSV
added 2025/03/20 12:32 p.m. · 5 views

GHSA-J274-M559-CJ4J Open WebUI Vulnerable to Cross-Site Scripting (XSS) via Chat File Upload

A Stored Cross-Site Scripting XSS vulnerability exists in the chat file upload functionality of open-webui/open-webui version 0.3.8. An attacker can inject malicious content into a file, which, when accessed by a victim through a URL or shared chat, executes JavaScript in the victim's browser. Th...

6.8 CVSS · 5.7 AI score · 0.00151 EPSS
Exploits 1 · References 3
CVE
added 2025/03/20 10:10 a.m. · 44 views

CVE-2024-7044

Open WebUI vulnerable to Stored XSS (CVE-2024-7044) in open-webui/open-webui v0.3.8 via chat file upload. An attacker can inject malicious content into a file that, when accessed by a victim (via URL or shared chat), executes JavaScript in the browser, enabling user data theft, session hijacking,...

8.9 CVSS · 5.9 AI score · 0.00151 EPSS
Exploits 1 · References 1 · Affected Software 1
CNNVD
added 2025/03/20 12:00 a.m. · 2 views

Open WebUI cross-site scripting vulnerability

Open WebUI is an extensible, feature-rich, user-friendly self-hosted WebUI from Open WebUI open source. A cross-site scripting vulnerability exists in Open WebUI version 0.3.8, which stems from the presence of stored cross-site scripting in the chat file upload function, which could lead to user...

8.9 CVSS · 6.2 AI score · 0.00151 EPSS
Exploits 1 · References 1
Positive Technologies
added 2023/08/27 12:00 a.m. · 3 views

PT-2023-10354 · Unknown · Doc2K Re-Chat

Name of the Vulnerable Software and Affected Versions: Doc2k RE-Chat version 1.0 Description: A vulnerability was found in Doc2k RE-Chat, which has been classified as problematic. This affects an unknown part of the file js on radio-emergency.de /re chat.js. The manipulation leads to cross site...

6.1 CVSS · 4.3 AI score · 0.00391 EPSS
Exploits 0 · References 10
Positive Technologies
added 2023/08/21 12:00 a.m. · 3 views

PT-2023-29249 · Openrapid · Openrapid Rapidcms

Name of the Vulnerable Software and Affected Versions: OpenRapid RapidCMS version 1.3.1 Description: A critical issue has been found in the file admin/article-chat.php, where the manipulation of the id argument leads to SQL injection. The attack can be initiated remotely. Recommendations: For...

9.8 CVSS · 7.2 AI score · 0.00222 EPSS
Exploits 0 · References 7
OSV
added 2020/11/05 4:15 p.m. · 1 view

CVE-2020-25399

Stored XSS in InterMind iMind Server through 3.13.65 allows any user to hijack another user's session by sending a malicious file in the chat...

7.8 CVSS · 7.1 AI score · 0.00318 EPSS
Exploits 1 · References 1
Prion
added 2020/11/05 4:15 p.m. · 21 views

Cross site scripting

Stored XSS in InterMind iMind Server through 3.13.65 allows any user to hijack another user's session by sending a malicious file in the chat...

6.8 CVSS · 7.1 AI score · 0.00318 EPSS
Exploits 1 · References 1 · Affected Software 1
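The Open WebUI entries (CVE-2024-7044) and the iMind Server entries (CVE-2020-25399) above share one mechanism: a file uploaded into a chat is later served back on the application's own origin in a way the browser renders as a document, so script inside it runs with the viewer's session. The code below is an added illustration for this listing, not code from either project. It contrasts headers that echo the uploader's declared type inline with a response that decides the type from the file's magic bytes, renders inline only for a constructed allow-list of pixel image formats, and forces everything else to download with sniffing and script disabled.

```python
import re
from urllib.parse import quote

# Constructed allow-list: the only types this example lets a browser render
# inline, keyed to the magic bytes that must actually start the file.
IMAGE_MAGIC = {
    "image/png": (b"\x89PNG\r\n\x1a\n",),
    "image/jpeg": (b"\xff\xd8\xff",),
    "image/gif": (b"GIF87a", b"GIF89a"),
}

_HEADER_UNSAFE = re.compile(r"[^A-Za-z0-9._-]")


def serve_headers_vulnerable(filename: str, declared_type: str) -> dict:
    """The pattern behind the stored-XSS advisories: the uploader's own name
    and MIME type are echoed back and the file is rendered inline on the
    application's origin, so an HTML or SVG upload runs script with the
    viewer's cookies and tokens."""
    return {
        "Content-Type": declared_type,
        "Content-Disposition": f'inline; filename="{filename}"',
    }


def serve_headers_fixed(filename: str, declared_type: str, content: bytes) -> dict:
    """Decide the type from the bytes, not the client's claim; render inline
    only for allow-listed pixel formats; force a download for everything
    else; and tell the browser not to second-guess any of it."""
    mime = declared_type.split(";")[0].strip().lower()
    sigs = IMAGE_MAGIC.get(mime)
    if sigs and content.startswith(sigs):  # startswith accepts a tuple
        ctype, disposition = mime, "inline"
    else:
        ctype, disposition = "application/octet-stream", "attachment"
    # ASCII fallback name with no quotes, CR or LF (header injection); the
    # original name travels in the RFC 5987 filename* parameter, percent-encoded.
    ascii_name = _HEADER_UNSAFE.sub("_", filename) or "download"
    return {
        "Content-Type": ctype,
        "X-Content-Type-Options": "nosniff",  # never sniff octet-stream into text/html
        "Content-Disposition": (
            f'{disposition}; filename="{ascii_name}"; '
            f"filename*=UTF-8''{quote(filename, safe='')}"
        ),
        "Content-Security-Policy": "default-src 'none'; sandbox",  # no script, no origin
        "Cache-Control": "private, no-store",
    }


def run_demo() -> dict:
    """Constructed uploads: an SVG carrying script, a genuine PNG header, and
    a file that claims to be PNG but is HTML."""
    svg_payload = b'<svg xmlns="http://www.w3.org/2000/svg" onload="alert(document.cookie)"/>'
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
    html_as_png = b"<script>fetch('/api/me')</script>"
    return {
        "svg_vuln": serve_headers_vulnerable("avatar.svg", "image/svg+xml"),
        "svg_fixed": serve_headers_fixed("avatar.svg", "image/svg+xml", svg_payload),
        "png_fixed": serve_headers_fixed("photo.png", "image/png", png),
        "fake_png_fixed": serve_headers_fixed("photo.png", "image/png", html_as_png),
    }


if __name__ == "__main__":
    for label, headers in run_demo().items():
        print(label, headers)
```

The headers make the same-origin case safe for the formats on the allow-list; the more robust design is to serve user uploads from a separate origin entirely, so that even a format the allow-list gets wrong cannot reach the application's session.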
Positive Technologies
added 2017/05/18 12:00 a.m. · 2 views

PT-2017-18515 · Facebook · Whatsapp Messenger

Name of the Vulnerable Software and Affected Versions: Facebook WhatsApp Messenger versions prior to 2.16.323 for Android Description: The application stores files associated with a chat, such as Audio, Documents, Images, Video, and Voice Notes, in cleartext on the SD card, even after the chat is...

4.6 CVSS · 7.2 AI score · 0.00022 EPSS
Exploits 1 · References 4