Medium severity5.4NVD Advisory· Published Mar 20, 2025· Updated Apr 15, 2026

CVE-2025-0192

Description

A stored Cross-site Scripting (XSS) vulnerability exists in the latest version of wandb/openui. The vulnerability is present in the edit HTML functionality, where an attacker can inject malicious scripts. When the modified HTML is shared with another user, the XSS payload executes, potentially leading to the theft of user prompt history and other sensitive information.

Affected products

Wandb/Openuiinferred

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

huntr.com/bounties/5f82c722-b674-456a-8691-a6565bf90e39nvd

News mentions

No linked articles in our index yet.

cvss	0.351
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000