Vulnerabilities > Openwebui > Open Webui > 0.1.105
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-03-20 | CVE-2024-7806 | Unspecified vulnerability in Openwebui Open Webui A vulnerability in open-webui/open-webui versions <= 0.3.8 allows remote code execution by non-admin users via Cross-Site Request Forgery (CSRF). | 8.8 |
| 2024-08-07 | CVE-2024-6706 | Cross-site Scripting vulnerability in Openwebui Open Webui 0.1.105 Attackers can craft a malicious prompt that coerces the language model into executing arbitrary JavaScript in the context of the web page. | 6.1 |
| 2024-08-07 | CVE-2024-6707 | Path Traversal vulnerability in Openwebui Open Webui 0.1.105 Attacker controlled files can be uploaded to arbitrary locations on the web server's filesystem by abusing a path traversal vulnerability. | 8.8 |