Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Stored XSS in open-webui/open-webui
Vulnerability Description
A Stored Cross-Site Scripting (XSS) vulnerability exists in the chat file upload functionality of open-webui/open-webui version 0.3.8. An attacker can inject malicious content into a file, which, when accessed by a victim through a URL or shared chat, executes JavaScript in the victim's browser. This can lead to user data theft, session hijacking, malware distribution, and phishing attacks.
CVSS Information
N/A
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Open WebUI 跨站脚本漏洞
Vulnerability Description
Open WebUI是Open WebUI开源的一个可扩展、功能丰富、用户友好的自托管 WebUI。 Open WebUI 0.3.8版本存在跨站脚本漏洞,该漏洞源于聊天文件上传功能存在存储型跨站脚本,可能导致用户数据窃取、会话劫持、恶意软件分发和钓鱼攻击。
CVSS Information
N/A
Vulnerability Type
N/A