ГлавнаяУязвимости → CVE-2024-8017
9критическая

CVE-2024-8017

Описание

An XSS vulnerability exists in open-webui/open-webui versions <= 0.3.8, specifically in the function that constructs the HTML for tooltips. This vulnerability allows attackers to perform operations with the victim's privileges, such as stealing chat history, deleting chats, and escalating their own account to an admin if the victim is an admin.

Затрагиваемое ПО
Openwebui Open webui
CVSS
Балл9 — критическая
ВекторCVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Источники
https://huntr.com/bounties/ef06c7c8-1cb2-42a7-a6e6-17b2e1c744f7