MAL-2026-4742 Malicious code in aurapro-ui (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cace553d74971e3660a0a7095662488f531348ba3e756696da5ff0ef9645ab22 The PyPI package aurapro-ui installs its code under the Python import namespace openwebui/ and registers two console scripts in entrypoints.txt —...

Cross Site Scripting (XSS)

openwebui is vulnerable to Cross Site ScriptingXSS. The vulnerability is due to the language model executing arbitrary JavaScript as a result of a maliciously crafted prompt...