Moderate severityNVD Advisory· Published Aug 7, 2024· Updated Aug 8, 2024
Open WebUI Stored Cross-Site Scripting
CVE-2024-6706
Description
Attackers can craft a malicious prompt that coerces the language model into executing arbitrary JavaScript in the context of the web page.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
open-webuiPyPI | <= 0.1.105 | — |
Affected products
2- Open WebUI/Open WebUIv5Range: 0.1.105
Patches
Vulnerability mechanics
References
3- github.com/advisories/GHSA-5jp3-wp5v-5363ghsaADVISORY
- korelogic.com/Resources/Advisories/KL-001-2024-005.txtghsathird-party-advisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2024-6706ghsaADVISORY
News mentions
0No linked articles in our index yet.