Product
A high-severity stored Cross-Site Scripting (XSS) vulnerability, CVE-2025-46719, exists in Open WebUI versions prior to 0.6.6 due to improper rendering of HTML tags in chat messages, specifically an unescaped markdown token in `MarkdownTokens.svelte`. This allows attackers to inject malicious JavaScript into chat transcripts, which executes in a user's browser upon viewing, enabling access token theft, full account takeover, and, if targeting an administrator, Remote Code Execution (RCE) on the backend server via malicious Python functions.