Open WebUI 0.1.105 Stored XSS via Malicious Prompt

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. Affected Software: - Software: Open WebUI - Version: 0.1.105 2. Vulnerability Description: - Type: Open WebUI Stored Cross-Site Scripting - Description: Attackers can craft a malicious prompt that forces the language model to execute arbitrary JavaScript within the web context. 3. Technical Description: - Response Handling: Responses are retrieved from the API and displayed to users by inserting them into the webpage. - Issue: Special characters inserted in Markdown are not encoded, causing issues during rendering. 4. Mitigation: - Recommendation: Due to lack of response from the vendor, the maintainer closed the GitHub security report on May 2, 2024. As of publication, the issue appears to have been silently fixed. 5. Discoverers: - Found by: Jaggar Henry and Sean Segreti 6. Disclosure Timeline: - Timeline: From March 5, 2024, to August 7, 2024, KoreLogic communicated with Open WebUI and submitted vulnerability details, but received no response. 7. Exploitation: - Steps: Trigger the vulnerability by clicking “New Chat”, selecting a language model, and entering a specific prompt. 8. Copyright and Disclaimer: - Copyright: Content is copyrighted by KoreLogic, Inc. in 2024. - Disclaimer: Content is licensed under the Creative Commons Attribution Share-Alike 4.0 (United States) License. This information provides a detailed description of the Open WebUI Stored Cross-Site Scripting vulnerability, including the affected software, exploitation method, and mitigation measures.

Goal Reached Thanks to every supporter — we hit 100%!

Open WebUI 0.1.105 Stored XSS via Malicious Prompt