Vulnerabilities > Openwebui > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-10 | CVE-2024-7049 | Unspecified vulnerability in Openwebui Open Webui 0.3.8 In version v0.3.8 of open-webui/open-webui, a vulnerability exists where a token is returned when a user with a pending role logs in. | 5.4 |
| 2024-08-07 | CVE-2024-6706 | Cross-site Scripting vulnerability in Openwebui Open Webui 0.1.105 Attackers can craft a malicious prompt that coerces the language model into executing arbitrary JavaScript in the context of the web page. | 6.1 |