CPE

Cpe:2.3:a:openwebui:open_webui::::::::

1 brief RSS

Open WebUI Stored XSS Vulnerability via OAuth Profile Picture

Open WebUI is vulnerable to stored cross-site scripting (XSS) via OAuth profile picture handling, allowing an attacker to inject malicious SVG code and potentially takeover user accounts by exfiltrating JWT tokens.

open-webui xss stored-xss oauth

2r 1t 2c 3i 47m ago

Cpe:2.3:a:openwebui:open_webui:*:*:*:*:*:*:*:*

Open WebUI Stored XSS Vulnerability via OAuth Profile Picture

Cpe:2.3:a:openwebui:open_webui::::::::