Open WebUI Stored Cross-Site Scripting Vulnerability
Attackers can craft a malicious prompt that coerces the language model into executing arbitrary JavaScript in the context of the web page.
Advisories for Pypi/Open-Webui package
2024
Attackers can craft a malicious prompt that coerces the language model into executing arbitrary JavaScript in the context of the web page.