Lucene search
+L

4 matches found

redhatcve
redhatcve
added 2025/05/07 7:14 p.m.25 views

CVE-2025-46571

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.6.6, low privileged users can upload HTML files which contain JavaScript code via the /api/v1/files/ backend endpoint. This endpoint returns a file id, which can be used to open t...

6.3CVSS6.8AI score0.003EPSS
Exploits1References1
vulnrichment
vulnrichment
added 2025/05/05 6:45 p.m.10 views

CVE-2025-46571 Open WebUI vulnerable to limited stored XSS vila uploaded html file

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.6.6, low privileged users can upload HTML files which contain JavaScript code via the /api/v1/files/ backend endpoint. This endpoint returns a file id, which can be used to open t...

6.3CVSS6.4AI score0.003EPSS
Exploits1References3
cve
cve
added 2025/05/05 6:45 p.m.71 views

CVE-2025-46571

CVE-2025-46571 affects Open WebUI prior to version 0.6.6. Low-privileged users could upload HTML files containing JavaScript via the backend endpoint /api/v1/files/, which returns a file id. An attacker could lure an admin to click a link to such a file, causing the JavaScript to execute in the a...

6.3CVSS6.4AI score0.003EPSS
Exploits1References3Affected Software1
osv
osv
added 2025/05/05 6:45 p.m.10 views

CVE-2025-46571 Open WebUI vulnerable to limited stored XSS vila uploaded html file

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.6.6, low privileged users can upload HTML files which contain JavaScript code via the /api/v1/files/ backend endpoint. This endpoint returns a file id, which can be used to open t...

6.3CVSS6.9AI score0.003EPSS
Exploits1References5
Rows per page
Query Builder