VYPR
Unrated severityNVD Advisory· Published Mar 20, 2025· Updated Mar 20, 2025

Cross-site Scripting (XSS) in open-webui/open-webui

CVE-2024-8017

Description

An XSS vulnerability exists in open-webui/open-webui versions <= 0.3.8, specifically in the function that constructs the HTML for tooltips. This vulnerability allows attackers to perform operations with the victim's privileges, such as stealing chat history, deleting chats, and escalating their own account to an admin if the victim is an admin.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Openwebui/Open Webuillm-fuzzy2 versions
    <=0.3.8+ 1 more
    • (no CPE)range: <=0.3.8
    • (no CPE)range: unspecified

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.