19 matches found
CVE-2026-44721
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, a stored cross-site scripting XSS vulnerability that allows any authenticated user with model creation permission workspace.models to execute arbitrary JavaScript in the browser of a...
CVE-2026-44721
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, a stored cross-site scripting XSS vulnerability that allows any authenticated user with model creation permission workspace.models to execute arbitrary JavaScript in the browser of a...
CVE-2026-44721
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, a stored cross-site scripting XSS vulnerability that allows any authenticated user with model creation permission workspace.models to execute arbitrary JavaScript in the browser of a...
EUVD-2026-30625
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, a stored cross-site scripting XSS vulnerability that allows any authenticated user with model creation permission workspace.models to execute arbitrary JavaScript in the browser of a...
CVE-2026-44721 Open WebUI: Stored XSS via Model Description
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, a stored cross-site scripting XSS vulnerability that allows any authenticated user with model creation permission workspace.models to execute arbitrary JavaScript in the browser of a...
CVE-2026-32618
Discourse (open-source discussion platform) has a channel membership inference vulnerability affecting versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, where chat user search could reveal channel membership without authorizat...
EUVD-2026-17555
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, there is possible channel membership inference from chat user search without authorization. This issue has been patched in...
CVE-2026-32618
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, there is possible channel membership inference from chat user search without authorization. This issue has been patched in...
Discourse 信息泄露漏洞
Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse suffers from an information disclosure vulnerability that stems from the possibility of inferring the identity of a channel...
SyncFusion 安全漏洞
SyncFusion is a set of enterprise-level UI component development tools provided by the American company SyncFusion. Version 30.1.37 of SyncFusion contains a security vulnerability. This vulnerability stems from the Document-Editor’s reply comment field and Chat-UI chat messages, and could lead to...
CVE-2025-63260
SyncFusion 30.1.37 is vulnerable to Cross Site Scripting XSS via the Document-Editor reply to comment field and Chat-UI Chat message...
EUVD-2019-7430
Malware in sbrugna...
EUVD-2019-0675
Malware in sbrugna...
CVE-2019-16148
Sakai through 12.6 allows XSS via a chat user name...
CVE-2025-2321
A vulnerability was found in 274056675 springboot-openai-chatgpt e84f6f5 and classified as critical. Affected by this issue is some unknown functionality of the file /api/mjkj-chat/cgform-api/addData/. The manipulation of the argument chatUserID leads to business logic errors. The attack may be...
GHSA-Q8WC-9XVP-G3C3 Cross-site scripting in Sakai
Sakai through 12.6 allows XSS via a chat user name...
CVE-2019-16148
Sakai through 12.6 allows XSS via a chat user name...
CVE-2019-16148
Sakai through 12.6 allows XSS via a chat user name...
Cross site scripting
Sakai through 12.6 allows XSS via a chat user name...