CVE-2024-8017

Cross-site Scripting (XSS) in open-webui/open-webui

Description

An XSS vulnerability exists in open-webui/open-webui versions <= 0.3.8, specifically in the function that constructs the HTML for tooltips. This vulnerability allows attackers to perform operations with the victim's privileges, such as stealing chat history, deleting chats, and escalating their own account to an admin if the victim is an admin.

INFO

Published Date :

2025-03-20T10:11:31.223Z

Last Modified :

2025-03-20T14:19:30.503Z

Source :

@huntr_ai

AFFECTED PRODUCTS

The following products are affected by CVE-2024-8017 vulnerability.

Vendors	Products
Open-webui	Open-webui
Openwebui	Open Webui

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-8017.

URL	Resource
https://huntr.com/bounties/ef06c7c8-1cb2-42a7-a6e6-17b2e1c744f7

CVSS Vulnerability Scoring System

V3.0

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact