CNNVD-202511-856 Information
CNNVD ID
CNNVD-202511-856
Related CVE
- CNNVD Published: 2025-11-08
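Description (translated from Chinese)
Open WebUI is an extensible, feature-rich, user-friendly self-hosted WebUI, open-sourced by Open WebUI. Open WebUI 0.6.34 and earlier versions contain a cross-site scripting vulnerability. It arises because the prompt body is assigned to the DOM sink innerHTML without sanitization, which may lead to cross-site scripting attacks.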
Description (English)
Open WebUI is an extensible, feature-rich, user-friendly, open-source self-hosted WebUI. Open WebUI 0.6.34 and earlier versions have a cross-site scripting vulnerability, which stems from the prompt body not being sanitized when it is assigned to the DOM sink innerHTML, and could lead to a cross-site scripting attack.
Hazard Level
Medium
Vulnerability Type
Cross-site scripting
Affected Vendor
Open WebUI
Published
2025-11-08
Last Modified
2026-02-24
References
https://github.com/open-webui/open-webui/blob/7a83e7dfa367d19f762ec17cac5e4a94ea2bd97d/src/lib/components/common/RichTextInput.svelte#L348
https://github.com/open-webui/open-webui/security/advisories/GHSA-w7xj-8fx7-wfch
https://github.com/open-webui/open-webui/commit/eb9c4c0e358c274aea35f21c2856c0a20051e5f1
https://access.redhat.com/security/cve/cve-2025-64495
Patch
https://github.com/open-webui/open-webui/releases