Open WebUI vulnerable to Stored DOM XSS via Note 'Download PDF'
Description
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. In versions prior to 0.6.37, a stored XSS vulnerability exists in Open WebUI's Notes "Download PDF" functionality. An attacker can import a Markdown file containing malicious SVG tags into Notes; when a victim downloads that note as a PDF, the note's HTML is rendered unsanitized, so arbitrary JavaScript executes and session tokens can be stolen. Any authenticated user can exploit this, and unauthenticated external attackers can steal session tokens from users (both admins and regular users) by sharing specially crafted Markdown files. This vulnerability is fixed in 0.6.37.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| open-webui (npm) | < 0.6.37 | 0.6.37 |
Affected products
- Range: < 0.6.37
Patches
03cc6ce8eb5c refac/sec: sanitize note pdf download
1 file changed · +3 −1
src/lib/components/notes/utils.ts+3 −1 modified@@ -1,3 +1,5 @@ +import DOMPurify from 'dompurify'; + export const downloadPdf = async (note) => { const [{ default: jsPDF }, { default: html2canvas }] = await Promise.all([ import('jspdf'), @@ -9,7 +11,7 @@ export const downloadPdf = async (note) => { const virtualHeight = 1400; // Fixed height (adjust as needed) // STEP 1. Get a DOM node to render - const html = note.data?.content?.html ?? ''; + const html = DOMPurify.sanitize(note.data?.content?.html ?? ''); const isDarkMode = document.documentElement.classList.contains('dark'); let node;
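Review bot: the `const html = DOMPurify.sanitize(...)` line in the second hunk relies on DOMPurify's default profile, which strips scripts and event handlers but still lets SVG and MathML markup through; since this value only feeds html2canvas for PDF rendering, consider an explicit `DOMPurify.sanitize(note.data?.content?.html ?? '', { USE_PROFILES: { html: true } })` so the SVG namespace the advisory names is dropped entirely rather than merely cleaned. A one-line comment above the call stating that it exists to block stored XSS in the PDF path would also keep a future refactor from removing it as redundant, and the same `note.data?.content?.html` value should be checked wherever else it is rendered, which this hunk does not cover.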
References
- GitHub Advisory GHSA-8wvc-869r-xfqf: github.com/advisories/GHSA-8wvc-869r-xfqf
- NVD entry for CVE-2025-65959: nvd.nist.gov/vuln/detail/CVE-2025-65959
- Fix commit: github.com/open-webui/open-webui/commit/03cc6ce8eb5c055115406e2304fbf7e3338b8dce
- Upstream advisory: github.com/open-webui/open-webui/security/advisories/GHSA-8wvc-869r-xfqf