Open WebUI Stored Cross-Site Scripting Vulnerability in Profile Image URL Field

Vulnerability

A stored cross-site scripting vulnerability has been identified in Open WebUI, a self-hosted AI platform, in versions prior to 0.8.0. The user profile update form accepts a profile_image_url value that may be an arbitrary data URI, and the application does not validate the URI's MIME type against an allowlist of image formats. A data URI declaring image/svg+xml is therefore accepted, and because SVG is an XML document that can carry script elements and event-handler attributes, the stored value becomes script that runs in the application's origin once the image is rendered.

Impact

Any user who can submit the profile update form can store a script that executes, in the application's origin, in the browser of other users who load the image. The script runs with the victim's session and privileges, which can lead to account takeover, including of administrator accounts.

Reproduction

To reproduce, set profile_image_url to a data URI whose media type is image/svg+xml and whose payload is an SVG document containing embedded script (a script element or an onload handler). Once the profile is saved, the script executes when the image is subsequently loaded, because the application serves the stored value with the declared SVG media type, which browsers treat as a document that may run script. Note that an SVG displayed through an img element does not execute script; the impact depends on the SVG being delivered with a script-capable media type and rendered as a document, which is the behaviour the advisory reports for the affected versions.
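As an added illustration (this is not Open WebUI's code and is not taken from the 0.8.0 fix), the following Python contrasts a check that accepts any data URI, modelled on the behaviour the advisory describes, with an allowlist validator that parses the URI, accepts only raster media types, requires base64, bounds the size and confirms the decoded bytes carry the declared format's signature. The SVG payload and the PNG bytes are constructed for the example; ALLOWED_IMAGE_TYPES, MAX_IMAGE_BYTES, the response headers and all function names are assumptions made here.

```python
"""Added example: allowlist validation for a data-URI profile image.

Illustrative code written for this advisory, not Open WebUI's implementation.
The allowlist, the size limit and the function names are assumptions.
"""
import base64
import re

# Raster formats with their leading magic bytes (assumed allowlist).
ALLOWED_IMAGE_TYPES: dict[str, tuple[bytes, ...]] = {
    "image/png": (b"\x89PNG\r\n\x1a\n",),
    "image/jpeg": (b"\xff\xd8\xff",),
    "image/gif": (b"GIF87a", b"GIF89a"),
}
MAX_IMAGE_BYTES = 2 * 1024 * 1024  # assumed upper bound for a profile image

# RFC 2397 shape: data:<mediatype>[;param]*[;base64],<data>
DATA_URI_RE = re.compile(r"^data:([^;,]*)((?:;[^;,]*)*),(.*)$", re.DOTALL)


def make_data_uri(media_type: str, raw: bytes) -> str:
    """Build a base64 data URI; used below to construct the sample inputs."""
    return f"data:{media_type};base64,{base64.b64encode(raw).decode('ascii')}"


# Constructed sample of the input class the advisory describes: an SVG whose
# markup carries script. Not taken from any real exploit.
MALICIOUS_SVG = (
    b'<svg xmlns="http://www.w3.org/2000/svg" onload="alert(document.domain)">'
    b"<script>alert(document.cookie)</script></svg>"
)
MALICIOUS_DATA_URI = make_data_uri("image/svg+xml", MALICIOUS_SVG)

# Constructed benign input: a PNG signature plus filler (not a real image,
# but enough to exercise the signature check).
BENIGN_PNG_DATA_URI = make_data_uri("image/png", b"\x89PNG\r\n\x1a\n" + bytes(32))

# Constructed mislabeled input: SVG bytes declared as PNG, showing why the
# declared media type alone is not sufficient.
MISLABELED_DATA_URI = make_data_uri("image/png", MALICIOUS_SVG)


def weak_profile_image_check(url: str) -> bool:
    """Weak check modelled on the advisory's description of the pre-0.8.0
    behaviour (any data URI passes). Not the project's actual code."""
    return url.startswith(("data:", "http://", "https://"))


def validate_profile_image_data_uri(url: str) -> tuple[bool, str]:
    """Hardened check: parse the data URI, allowlist the media type, require
    base64, bound the size and verify the bytes match the declared type.
    Returns (ok, media_type) on success or (False, reason) on rejection."""
    match = DATA_URI_RE.match(url)
    if not match:
        return False, "not a data URI"
    media_type = match.group(1).strip().lower()
    params = {p.strip().lower() for p in match.group(2).split(";") if p.strip()}
    payload = match.group(3)

    if media_type not in ALLOWED_IMAGE_TYPES:
        return False, f"media type {media_type!r} is not an allowed raster type"
    if "base64" not in params:
        return False, "only base64-encoded payloads are accepted"
    try:
        raw = base64.b64decode(payload, validate=True)
    except ValueError:
        return False, "payload is not valid base64"
    if len(raw) > MAX_IMAGE_BYTES:
        return False, "image exceeds size limit"
    if not raw.startswith(ALLOWED_IMAGE_TYPES[media_type]):
        return False, f"content does not match declared type {media_type!r}"
    return True, media_type


def image_response_headers(media_type: str) -> dict[str, str]:
    """Headers for serving a stored image back: a fixed allowlisted
    Content-Type plus nosniff and a sandboxing CSP, so the bytes are never
    interpreted as an active document (assumed defence-in-depth settings)."""
    if media_type not in ALLOWED_IMAGE_TYPES:
        raise ValueError("refusing to serve a non-allowlisted media type")
    return {
        "Content-Type": media_type,
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "default-src 'none'; sandbox",
    }


if __name__ == "__main__":
    for label, uri in [("svg payload", MALICIOUS_DATA_URI),
                       ("benign png", BENIGN_PNG_DATA_URI),
                       ("svg labeled png", MISLABELED_DATA_URI)]:
        print(f"{label:16} weak={weak_profile_image_check(uri)} "
              f"hardened={validate_profile_image_data_uri(uri)}")
```

Running the block shows the weak check passing all three inputs while the hardened validator rejects the SVG payload on media type and the mislabeled payload on its signature. The serving-side headers matter independently of the upload check: even if an SVG slipped through, a fixed raster Content-Type with nosniff and a sandboxing CSP denies the browser the conditions it needs to execute the embedded script.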

Remediation

Upgrade to Open WebUI version 0.8.0 or later, which fixes the issue. Because the payload is stored, the upgrade stops new malicious values from being accepted; after upgrading, also review existing profile_image_url values that begin with data:image/svg+xml and reset any that contain script.

Added: May 15, 2026, 10:33 PM
Updated: May 15, 2026, 10:33 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 1.7
exploitability: 4.4
remediation: 7.7
relevance: 8.4
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.