Lucene search
+L

4 matches found

Circl
Circl
added 2025/05/05 8:16 p.m.34 views

CVE-2025-46719

creationtimestamp| type| source ---|---|--- 2025-05-05 20:16:45+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3loh6qrlszb24 2025-05-05 21:44:13+00:00| seen| https://t.me/cvedetector/24477 2026-07-07 17:36:06+00:00| seen|...

6.4CVSS5.9AI score0.00449EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/05/05 6:50 p.m.25 views

CVE-2025-46719 Open WebUI vulnerable to stored XSS via unescaped markdown token in MarkdownTokens.svelte leading to full account takeover and RCE via functions

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.6.6, a vulnerability in the way certain html tags in chat messages are rendered allows attackers to inject JavaScript code into a chat transcript. The JavaScript code will be...

6.4CVSS0.00449EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/05/05 6:50 p.m.13 views

CVE-2025-46719 Open WebUI vulnerable to stored XSS via unescaped markdown token in MarkdownTokens.svelte leading to full account takeover and RCE via functions

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.6.6, a vulnerability in the way certain html tags in chat messages are rendered allows attackers to inject JavaScript code into a chat transcript. The JavaScript code will be...

6.4CVSS6.5AI score0.00449EPSS
Exploits1References3
CVE
CVE
added 2025/05/05 6:50 p.m.102 views

CVE-2025-46719

Open WebUI vulnerability CVE-2025-46719 affects versions prior to 0.6.6. A flaw in rendering certain HTML tags in chat messages allows stored cross-site scripting (XSS) in chat transcripts, which are accessible by other users on the same server or via Open WebUI community sharing. In the user’s b...

6.4CVSS6.5AI score0.00449EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder