CVE-2024-8017

Critical CVSS: 9.0

An XSS vulnerability exists in open-webui/open-webui versions <= 0.3.8, specifically in the function that constructs the HTML for tooltips. This vulnerability allows attackers to perform operations with the victim's privileges, such as stealing chat history, deleting chats, and escalating their own account to an admin if the victim is an admin.

Vendor

Openwebui

Product

Open Webui

CWE

CWE-79

Yayın Tarihi

2025-03-20 10:15:38

Güncelleme

2025-07-21 20:08:16

Source Identifier

security@huntr.dev

KEV Date Added

Kategoriler

CWE-79 Open Webui CRITICAL Openwebui 2025

Referanslar

https://huntr.com/bounties/ef06c7c8-1cb2-42a7-a6e6-17b2e1c744f7

Benzer Kayıtlar

Medium

CVE-2026-28786

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.…

High

CVE-2026-28788

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.…

Medium

CVE-2026-29070

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.…

Low

CVE-2026-29071

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.…

High

CVE-2026-26192

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.7.…

High

CVE-2026-26193

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.6.…