5 matches found
Cross-site Scripting (XSS)
Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Cross-site Scripting XSS via the chat file upload functionality. An attacker can inject malicious scripts or content into a file, which, when accessed by a victim through a URL or shared chat, executes...
Open WebUI Vulnerable to Cross-Site Scripting (XSS) via Chat File Upload
A Stored Cross-Site Scripting XSS vulnerability exists in the chat file upload functionality of open-webui/open-webui version 0.3.8. An attacker can inject malicious content into a file, which, when accessed by a victim through a URL or shared chat, executes JavaScript in the victim's browser. Th...
GHSA-J274-M559-CJ4J Open WebUI Vulnerable to Cross-Site Scripting (XSS) via Chat File Upload
A Stored Cross-Site Scripting XSS vulnerability exists in the chat file upload functionality of open-webui/open-webui version 0.3.8. An attacker can inject malicious content into a file, which, when accessed by a victim through a URL or shared chat, executes JavaScript in the victim's browser. Th...
CVE-2024-7044
Open WebUI vulnerable to Stored XSS (CVE-2024-7044) in open-webui/open-webui v0.3.8 via chat file upload. An attacker can inject malicious content into a file that, when accessed by a victim (via URL or shared chat), executes JavaScript in the browser, enabling user data theft, session hijacking,...
Open WebUI 跨站脚本漏洞
Open WebUI is an extensible, feature-rich, user-friendly self-hosted WebUI from Open WebUI open source. A cross-site scripting vulnerability exists in Open WebUI version 0.3.8, which stems from the presence of stored cross-site scripting in the chat file upload function, which could lead to user...