MEDIUM 6.1
GHSA-5jp3-wp5v-5363
Open WebUI Stored Cross-Site Scripting Vulnerability
Details
Attackers can craft a malicious prompt that coerces the language model into executing arbitrary JavaScript in the context of the web page.
Are you affected?
Enter the version of the package you're using.
Affected packages
PyPI / open-webui
Introduced in:
0 No fixed version published yet for open-webui (pip). Pin to a known-safe version or switch to an alternative.