GHSA-XC8P-9RR6-97R2 Open WebUI vulnerable to Stored XSS via iFrame in citations model
Summary Manually modifying chat history allows setting the html property within document metadata. This causes the frontend to enter a code path that treats document contents as HTML, and render them in an iFrame when the citation is previewed. This allows stored XSS via a weaponised document...