Open WebUI Stored Cross-Site Scripting Vulnerability via iFrame Embeds in Response Messages

Vulnerability

A stored cross-site scripting vulnerability has been identified in Open WebUI, a self-hosted AI platform, in versions prior to 0.6.44. The issue arises from the ability to manually modify chat history to include malicious payloads in the 'embeds' property of response messages. These payloads are executed in an iFrame with a sandbox that permits scripts and same-origin access, bypassing the intended security restrictions. The vulnerability is triggered when the chat is shared, creating a link that can be distributed to other users on the instance.
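As an added illustration from the defender's side (this is not Open WebUI's code), the following Node script audits an iframe sandbox token list for the combination the advisory describes and shows a hardened renderer for untrusted embeds. The function names, the allowlist and the sample URLs are assumptions made for the example.

```javascript
// Added example, not Open WebUI's code: audit and harden the iframe sandbox
// policy used to render untrusted embeds (such as a message's 'embeds'
// property). Pure functions only, so it runs under Node without a DOM.

// Sandbox tokens and the capability each hands back to the framed document.
const TOKEN_CAPABILITY = {
  "allow-scripts": "run JavaScript",
  "allow-same-origin": "keep the embedding page's origin instead of an opaque one",
  "allow-forms": "submit forms",
  "allow-popups": "open new windows",
  "allow-popups-to-escape-sandbox": "open windows that are not sandboxed",
  "allow-top-navigation": "navigate the top-level page",
  "allow-modals": "open alert/confirm/prompt dialogs",
};

// Tokens the hardened policy grants to user-editable embeds (assumed allowlist).
// allow-same-origin is never granted: together with allow-scripts the framed
// script runs with the host page's origin (cookies, storage, parent DOM) and
// can even remove the sandbox attribute from its own <iframe>, so the sandbox
// provides no isolation at all. Without it the frame gets an opaque origin.
const UNTRUSTED_ALLOWLIST = new Set(["allow-scripts", "allow-forms", "allow-popups"]);

// Parse a sandbox attribute value the way browsers do: ASCII-whitespace
// separated, case-insensitive, duplicates and unknown tokens ignored.
function parseSandbox(attrValue) {
  const tokens = new Set();
  for (const raw of String(attrValue ?? "").split(/[ \t\n\f\r]+/)) {
    const token = raw.toLowerCase();
    if (Object.prototype.hasOwnProperty.call(TOKEN_CAPABILITY, token)) tokens.add(token);
  }
  return tokens;
}

// Explain why a sandbox value is unsafe for content an untrusted user controls.
function auditSandbox(attrValue) {
  const tokens = parseSandbox(attrValue);
  const findings = [];
  const reported = new Set();
  if (tokens.has("allow-scripts") && tokens.has("allow-same-origin")) {
    findings.push(
      "allow-scripts + allow-same-origin: framed script runs in the host origin " +
        "and can strip the sandbox itself; equivalent to no sandbox"
    );
    reported.add("allow-same-origin");
  }
  for (const token of tokens) {
    if (UNTRUSTED_ALLOWLIST.has(token) || reported.has(token)) continue;
    findings.push(`${token}: would let the embed ${TOKEN_CAPABILITY[token]}`);
  }
  return {
    tokens: [...tokens].sort(),
    findings,
    safeForUntrusted: findings.length === 0,
  };
}

// Reduce any requested token list to the allowlist; the result is the value
// that should actually reach the sandbox attribute.
function hardenedSandbox(attrValue) {
  return [...parseSandbox(attrValue)]
    .filter((token) => UNTRUSTED_ALLOWLIST.has(token))
    .sort()
    .join(" ");
}

// Escape a string for use inside a double-quoted HTML attribute.
function escapeAttr(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Render an embed frame: only absolute http(s) URLs are accepted (no
// javascript:, data: or blob: sources), the sandbox is the hardened policy and
// no referrer leaks the chat URL to the embedded site. Returns null on refusal.
function renderEmbedFrame(src, requestedSandbox) {
  let url;
  try {
    url = new URL(String(src));
  } catch {
    return null;
  }
  if (url.protocol !== "https:" && url.protocol !== "http:") return null;
  return (
    `<iframe src="${escapeAttr(url.href)}" ` +
    `sandbox="${hardenedSandbox(requestedSandbox)}" ` +
    `referrerpolicy="no-referrer"></iframe>`
  );
}

// Usage with constructed inputs: the advisory's token combination versus the hardened one.
console.log(auditSandbox("allow-scripts allow-same-origin").findings);
console.log(renderEmbedFrame("https://example.com/widget?a=1&b=2", "allow-scripts allow-same-origin"));
```

The audit is the check to run in review or in a unit test against whatever value the embed renderer passes to `sandbox`; the renderer shows the shape of the fix, which is to never let user-controlled data decide the token list and never to grant `allow-same-origin` to content the instance's users can edit.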

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user viewing the chat. This could lead to session hijacking or, for admin users, remote code execution on the server.

Reproduction

To reproduce this vulnerability, create a chat and manually edit the response to include an embed that contains a script payload. Once the message is saved, the script will execute when the chat is viewed, especially if it has been shared with other users.

Remediation

Users can update to Open WebUI version 0.6.44 or later, where this vulnerability has been patched.

Added: Feb 19, 2026, 8:41 PM
Updated: Feb 19, 2026, 8:41 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 1.7
exploitability: 4.4
remediation: 7.7
relevance: 3.2
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.