6 matches found

NVD
added 2026/05/15 9:16 p.m., 5 views

CVE-2026-45396

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, the POST /api/v1/evaluations/feedback endpoint in Open WebUI v0.9.2 is vulnerable to mass assignment via FeedbackForm, which uses model_config = ConfigDict(extra='allow'). Due to an...

5.4 CVSS, 0.00032 EPSS
Exploits: 1, References: 1
CNNVD
added 2026/05/15 12:0 a.m., 6 views

Open WebUI security vulnerability

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under the open source Open WebUI project. Versions of Open WebUI prior to 0.9.5 contained security vulnerabilities. These vulnerabilities stemmed from the POST /api/v1/evaluations/feedback endpoint, which had a batch...

5.4 CVSS, 5.8 AI score, 0.00032 EPSS
Exploits: 1, References: 1
NVD
added 2025/09/16 12:15 p.m., 1 views

CVE-2025-56697

A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the /users/adminpanel/admin/home.php?page=feedbacks file of Kashipara Computer Base Test v1.0. Attackers can inject malicious scripts via the smyFeedbacks POST parameter in /users/home.php...

6.1 CVSS, 0.00053 EPSS
Exploits: 1, References: 1
Positive Technologies
added 2025/08/26 12:0 a.m., 2 views

PT-2025-34741

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Bank Management System version 1.0 Description: A security issue exists in SourceCodester Online Bank Management System 1.0. The vulnerability is located in the /feedback.php file, within an unknown function. Manipulatio...

7.5 CVSS, 7.3 AI score, 0.00066 EPSS
Exploits: 1, References: 11
RedhatCVE
added 2025/05/22 9:37 p.m., 3 views

CVE-2021-25647

Mobile application "Testes de Codigo" v11.3 and prior allows stored XSS by injecting a payload in the "feedback" message field causing it to be stored in the remote database and leading to its execution on client devices when loading the "feedback list", either by accessing the website directly o...

5.4 CVSS, 6.2 AI score, 0.00298 EPSS
Exploits: 0, References: 1
myhack58
added 2011/07/27 12:0 a.m., 16 views

114la Site Navigation guestbook injection vulnerability - vulnerability warning - the black bar safety net

An injection vulnerability exists in the guestbook (message) file of the Rain forest wind 114la Site Navigation program. Vulnerable file: feedback/feedback.php. An attacker using the EXP can get the administrator ID and MD5 password. Version:=1.5 EXP is as follows: <?php $sbcopyright=' ---------------------------------------- 114la...

Exploits: 0