Cross-Site Scripting Flaw in Open-WebUI by Open-WebUI Team
CVE-2024-8017
9 CRITICAL
What is CVE-2024-8017?
A Cross-Site Scripting flaw has been identified in Open-WebUI versions up to 0.3.8 that affects the construction of HTML for tooltips. This vulnerability enables attackers to execute malicious scripts in the context of a victim's session, potentially allowing them to compromise user accounts by stealing chat histories, deleting chats, and escalating their privileges to administrative levels if the compromised user has admin rights. Immediate action is advised to mitigate the risk associated with this vulnerability.
Affected Version(s)
open-webui/open-webui <= unspecified