CNNVD-202512-461 Information

CNNVD ID

CNNVD-202512-461

CVE-2025-65959

  • CNNVD Published: 2025-12-04

Description (Chinese)

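Open WebUI is an extensible, feature-rich, user-friendly self-hosted WebUI, open-sourced by Open WebUI. Versions of Open WebUI prior to 0.6.37 contain a cross-site scripting vulnerability, which stems from a stored cross-site scripting attack and may lead to arbitrary JavaScript execution and session token theft.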

Description (English)

Open WebUI is an extensible, feature-rich, user-friendly, self-hosted open source WebUI from Open WebUI. Versions before Open WebUI 0.6.37 have a cross-site scripting vulnerability, which originates in a stored cross-site scripting attack and could lead to arbitrary JavaScript execution and the theft of session tokens.

Hazard Level

Medium

Vulnerability Type

Cross-site scripting

Affected Vendor

Open WebUI

Published

2025-12-04

Last Modified

2026-02-24

References

https://github.com/open-webui/open-webui/commit/03cc6ce8eb5c055115406e2304fbf7e3338b8dce

https://github.com/open-webui/open-webui/security/advisories/GHSA-8wvc-869r-xfqf

Patch

https://github.com/open-webui/open-webui/releases
