11 matches found
CVE-2025-63885
A stored cross-site scripting XSS vulnerability in AIxBlock commit 04f305 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the modeldesc field...
CVE-2025-63885
The CVE-2025-63885 vulnerability affects AIxBlock at commit 04f305, where the model_desc field does not validate input, enabling stored XSS that can cause arbitrary web scripts/HTML to be executed in a victim’s browser. Impact per the entry is Low for confidentiality and integrity, with no availa...
PT-2025-44437
Name of the Vulnerable Software and Affected Versions AIxBlock commit 04f305 Description A stored cross-site scripting XSS issue exists in AIxBlock commit 04f305. This allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the model desc field. Recommendatio...
CVE-2025-63885
A stored cross-site scripting XSS vulnerability in AIxBlock commit 04f305 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the modeldesc field...
CVE-2025-63885
A stored cross-site scripting XSS vulnerability in AIxBlock commit 04f305 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the modeldesc field...
CVE-2024-7990
A stored cross-site scripting XSS vulnerability exists in open-webui/open-webui version 0.3.8. The vulnerability is present in the /api/v1/models/add endpoint, where the model description field is improperly sanitized before being rendered in chat. This allows an attacker to inject malicious...
GHSA-GJ27-76GQ-5V3P Open WebUI stored cross-site scripting (XSS) vulnerability
A stored cross-site scripting XSS vulnerability exists in open-webui/open-webui version 0.3.8. The vulnerability is present in the /api/v1/models/add endpoint, where the model description field is improperly sanitized before being rendered in chat. This allows an attacker to inject malicious...
Open WebUI stored cross-site scripting (XSS) vulnerability
A stored cross-site scripting XSS vulnerability exists in open-webui/open-webui version 0.3.8. The vulnerability is present in the /api/v1/models/add endpoint, where the model description field is improperly sanitized before being rendered in chat. This allows an attacker to inject malicious...
CVE-2024-7990
A stored cross-site scripting XSS vulnerability exists in open-webui/open-webui version 0.3.8. The vulnerability is present in the /api/v1/models/add endpoint, where the model description field is improperly sanitized before being rendered in chat. This allows an attacker to inject malicious...
CVE-2024-7990
A stored cross-site scripting XSS vulnerability exists in open-webui/open-webui version 0.3.8. The vulnerability is present in the /api/v1/models/add endpoint, where the model description field is improperly sanitized before being rendered in chat. This allows an attacker to inject malicious...
CVE-2024-7990 Stored Cross-Site Scripting in open-webui/open-webui
A stored cross-site scripting XSS vulnerability exists in open-webui/open-webui version 0.3.8. The vulnerability is present in the /api/v1/models/add endpoint, where the model description field is improperly sanitized before being rendered in chat. This allows an attacker to inject malicious...