Vulnerabilities > Openwebui
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-08-07 | CVE-2024-6706 | Cross-site Scripting vulnerability in Openwebui Open Webui 0.1.105 Attackers can craft a malicious prompt that coerces the language model into executing arbitrary JavaScript in the context of the web page. | 6.1 |
2024-08-07 | CVE-2024-6707 | Path Traversal vulnerability in Openwebui Open Webui 0.1.105 Attacker controlled files can be uploaded to arbitrary locations on the web server's filesystem by abusing a path traversal vulnerability. | 8.8 |