Lucene search
OpenwebuiOpen Webui
2 matches found
CVE-2024-7053
A vulnerability in open-webui/open-webui version 0.3.8 allows an attacker with a user-level account to perform a session fixation attack. The session cookie for all users is set with the default SameSite=Lax and does not have the Secure flag enabled, allowing the session cookie to be sent over HTTP...
9CVSS7.9AI score0.00126EPSS
CVE-2024-8017
An XSS vulnerability exists in open-webui/open-webui versions
9CVSS8.7AI score0.00077EPSS