Open WebUI DOM-Based Cross-Site Scripting Vulnerability in Rich Text Prompt Insertion

Vulnerability

A DOM-based cross-site scripting vulnerability has been identified in Open WebUI versions through 0.6.34. The issue arises in the prompt insertion feature when 'Insert Prompt as Rich Text' is enabled. In this scenario, the prompt body is assigned directly to the DOM via .innerHTML without proper sanitization. This flaw allows users with permission to create prompts to inject malicious payloads that are executed in the browser of any other user who invokes the corresponding prompt command.
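The unsafe innerHTML assignment described above, shown beside an escape-then-allowlist hardening, as an added example that is not Open WebUI's code: the element is a constructed stand-in for the DOM node, and `sanitizePromptHtml`, `insertPromptUnsafe`, `insertPromptSafe` and the allowed-tag set are illustrative assumptions (a production fix would use a maintained sanitizer such as DOMPurify).

```javascript
// Added example (not Open WebUI's code): the unsafe innerHTML assignment the
// advisory describes beside an escape-then-allowlist hardening. Runs in Node
// against a constructed stand-in for the DOM element, so no browser is needed.

// Escape every HTML-significant character so the string is inert as markup.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Assumed allowlist of bare formatting tags. No attributes are ever restored,
// so event handlers (onerror, onclick, ...) and URLs cannot ride along.
const ALLOWED_TAGS = ["b", "i", "em", "strong", "p", "br"];

// Escape-then-allowlist: after escapeHtml, only exact `<tag>` / `</tag>`
// forms from the allowlist are turned back into real tags. Everything else,
// including any tag carrying attributes, stays as visible literal text.
function sanitizePromptHtml(body) {
  const re = new RegExp(`&lt;(/?)(${ALLOWED_TAGS.join("|")})&gt;`, "gi");
  return escapeHtml(body).replace(re, (_, slash, tag) => `<${slash}${tag.toLowerCase()}>`);
}

// Vulnerable shape, as described in the advisory: the prompt body is assigned
// to innerHTML unchanged, so markup written by the prompt author is parsed live.
function insertPromptUnsafe(el, body) {
  el.innerHTML = body;
  return el.innerHTML;
}

// Hardened shape: allowed formatting survives, anything else is neutralised.
function insertPromptSafe(el, body) {
  el.innerHTML = sanitizePromptHtml(body);
  return el.innerHTML;
}

// Constructed stand-in for the contenteditable target (a real element would be
// obtained from the DOM in the browser).
function makeElement() {
  return { innerHTML: "" };
}

// Constructed sample prompt body: one legitimate tag plus one tag that would
// execute on insertion via innerHTML.
const SAMPLE_PROMPT = 'Summarise in <b>bold</b> <img src="x" onerror="untrusted()">';
```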

Impact

Exploitation of this vulnerability allows for cross-site scripting, where injected JavaScript is executed in the context of the user's session. This could lead to session hijacking by exfiltrating the session token to an attacker-controlled server. Additionally, if an admin user is compromised, it could result in remote code execution on the server.

Reproduction

To reproduce this vulnerability, create a custom prompt while 'Insert Prompt as Rich Text' is enabled. Once the prompt is saved, use the corresponding command to insert it into a chat window. The injected JavaScript will execute, demonstrating the cross-site scripting vulnerability.

Remediation

Users should update to Open WebUI version 0.6.35 or later, where this vulnerability has been fixed. For those unable to update, it is recommended to disable the 'Insert Prompt as Rich Text' feature.

Added: Nov 8, 2025, 2:19 AM
Updated: Nov 8, 2025, 2:19 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.4
exploitability: 4.4
remediation: 8.3
relevance: 1.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.