Lucene search
K

5 matches found

Snyk
Snyk
added 2025/03/20 12:32 p.m.5 views

Cross-site Scripting (XSS)

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Cross-site Scripting XSS via the chat file upload functionality. An attacker can inject malicious scripts or content into a file, which, when accessed by a victim through a URL or shared chat, executes...

8.9CVSS6.2AI score0.00477EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2025/03/20 12:32 p.m.9 views

Open WebUI Vulnerable to Cross-Site Scripting (XSS) via Chat File Upload

A Stored Cross-Site Scripting XSS vulnerability exists in the chat file upload functionality of open-webui/open-webui version 0.3.8. An attacker can inject malicious content into a file, which, when accessed by a victim through a URL or shared chat, executes JavaScript in the victim's browser. Th...

8.9CVSS5.9AI score0.00477EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2025/03/20 12:32 p.m.6 views

GHSA-J274-M559-CJ4J Open WebUI Vulnerable to Cross-Site Scripting (XSS) via Chat File Upload

A Stored Cross-Site Scripting XSS vulnerability exists in the chat file upload functionality of open-webui/open-webui version 0.3.8. An attacker can inject malicious content into a file, which, when accessed by a victim through a URL or shared chat, executes JavaScript in the victim's browser. Th...

6.8CVSS5.7AI score0.00477EPSS
Exploits1References3
CVE
CVE
added 2025/03/20 10:10 a.m.47 views

CVE-2024-7044

Open WebUI vulnerable to Stored XSS (CVE-2024-7044) in open-webui/open-webui v0.3.8 via chat file upload. An attacker can inject malicious content into a file that, when accessed by a victim (via URL or shared chat), executes JavaScript in the browser, enabling user data theft, session hijacking,...

8.9CVSS5.9AI score0.00477EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2025/03/20 12:0 a.m.5 views

Open WebUI 跨站脚本漏洞

Open WebUI is an extensible, feature-rich, user-friendly self-hosted WebUI from Open WebUI open source. A cross-site scripting vulnerability exists in Open WebUI version 0.3.8, which stems from the presence of stored cross-site scripting in the chat file upload function, which could lead to user...

8.9CVSS6.2AI score0.00477EPSS
Exploits1References1
Rows per page
Query Builder