Product
An authenticated attacker can achieve stored Cross-Site Scripting (XSS) in Open WebUI by manually modifying chat history requests to inject malicious HTML into citation document metadata, leading to session takeover or potential Remote Code Execution (RCE) on the server if an administrator is targeted.