Open WebUI Stored Cross-Site Scripting Vulnerability via Unvalidated SVG Data in Webhook Profile Images

Vulnerability

A stored cross-site scripting vulnerability has been identified in Open WebUI versions prior to 0.9.3. The channel webhook create and update endpoints accept arbitrary profile_image_url values, including base64-encoded data URLs carrying SVG images. The application decodes these SVGs and serves them back as image/svg+xml without sanitization. Because the response is a same-origin SVG document, any script it embeds, such as an event-handler attribute like onload, executes when the image URL is opened directly in a browser.
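The flow above has two places a defender can break it: the point where profile_image_url is accepted, and the point where the stored bytes are served back. The following Python is an added example written for this advisory, not Open WebUI's own code or its fix. It assumes a hypothetical 1 MiB cap on inline images and allowlists only raster types (PNG, JPEG, GIF, WebP) for data URLs, verifying the declared type against the decoded magic bytes so that a mislabeled SVG is rejected as well; the sample data URLs at the bottom are constructed for illustration.

```python
"""Defensive validation for user-supplied profile image URLs.

Added example, not Open WebUI's own code. Two controls around the flow in
the advisory: (1) never accept a scriptable type such as image/svg+xml as an
inline data URL, and check the declared type against the decoded bytes;
(2) when a stored blob is served, send headers that keep the browser from
treating it as an active same-origin document.
"""
import base64
import binascii
import re
from typing import Dict, Optional
from urllib.parse import urlparse

MAX_DATA_URL_BYTES = 1 * 1024 * 1024  # assumption: 1 MiB cap on inline images

# Raster types only. image/svg+xml is deliberately absent: an SVG is an XML
# document that can carry <script> elements and on* event-handler attributes.
ALLOWED_DATA_MIME = {"image/png", "image/jpeg", "image/gif", "image/webp"}

_DATA_URL_RE = re.compile(
    r"^data:(?P<mime>[a-z0-9.+-]+/[a-z0-9.+-]+)"
    r"(?P<params>(?:;[a-z0-9.+-]+=[^;,]*)*)"
    r"(?P<b64>;base64)?,(?P<payload>.*)$",
    re.IGNORECASE | re.DOTALL,
)


def sniff_mime(data: bytes) -> Optional[str]:
    """Return the raster type implied by the magic bytes, or None."""
    if data.startswith(b"\x89PNG\r\n\x1a\n"):
        return "image/png"
    if data.startswith(b"\xff\xd8\xff"):
        return "image/jpeg"
    if data[:6] in (b"GIF87a", b"GIF89a"):
        return "image/gif"
    if data[:4] == b"RIFF" and data[8:12] == b"WEBP":
        return "image/webp"
    return None


def validate_profile_image_url(url: str) -> str:
    """Return the URL unchanged if it is safe to store, else raise ValueError.

    Accepted: absolute http(s) URLs, and base64 data URLs whose declared type
    is an allowlisted raster type AND whose decoded bytes match that type.
    """
    # Crude pre-check before any parsing: base64 inflates by 4/3, so 2x the
    # blob cap is a generous upper bound on the whole string.
    if not isinstance(url, str) or not url or len(url) > MAX_DATA_URL_BYTES * 2:
        raise ValueError("profile_image_url missing or too large")

    parsed = urlparse(url)
    if parsed.scheme in ("http", "https"):
        if not parsed.netloc:
            raise ValueError("http(s) URL must be absolute")
        return url

    if parsed.scheme != "data":
        # Rejects javascript:, file:, blob:, protocol-relative and bare paths.
        raise ValueError("unsupported scheme %r" % parsed.scheme)

    m = _DATA_URL_RE.match(url)
    if not m:
        raise ValueError("malformed data URL")

    declared = m.group("mime").lower()
    if declared not in ALLOWED_DATA_MIME:
        # This branch is what blocks data:image/svg+xml;base64,... outright.
        raise ValueError("data URL type %r is not an allowed raster type" % declared)
    if not m.group("b64"):
        raise ValueError("only base64 data URLs are accepted")

    try:
        blob = base64.b64decode(m.group("payload"), validate=True)
    except binascii.Error as exc:
        raise ValueError("invalid base64 payload") from exc
    if len(blob) > MAX_DATA_URL_BYTES:
        raise ValueError("inline image exceeds size limit")

    # Declared PNG but bytes say otherwise (e.g. an XML document): refuse
    # rather than trust the label the client chose.
    if sniff_mime(blob) != declared:
        raise ValueError("content does not match declared type %r" % declared)
    return url


def is_safe_profile_image_url(url: str) -> bool:
    """Boolean convenience wrapper around validate_profile_image_url."""
    try:
        validate_profile_image_url(url)
        return True
    except ValueError:
        return False


def image_response_headers(mime: str) -> Dict[str, str]:
    """Headers for serving a stored image blob back to a browser.

    Defense in depth on the serving side: even if a scriptable type ever
    reached storage, nosniff plus a sandboxed, script-free CSP keeps a direct
    navigation to the blob from running as a same-origin document.
    """
    return {
        "Content-Type": mime,
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "default-src 'none'; script-src 'none'; sandbox",
    }


# Constructed sample inputs (not taken from the advisory or from Open WebUI).
_PNG_HEADER_ONLY = b"\x89PNG\r\n\x1a\n" + b"\x00" * 8  # just enough bytes to sniff
_SVG_WITH_HANDLER = b'<svg xmlns="http://www.w3.org/2000/svg" onload="void 0"></svg>'
SAMPLE_PNG_DATA_URL = "data:image/png;base64," + base64.b64encode(_PNG_HEADER_ONLY).decode()
SAMPLE_SVG_DATA_URL = "data:image/svg+xml;base64," + base64.b64encode(_SVG_WITH_HANDLER).decode()
SAMPLE_MISLABELED_DATA_URL = "data:image/png;base64," + base64.b64encode(_SVG_WITH_HANDLER).decode()

if __name__ == "__main__":
    for candidate in (SAMPLE_PNG_DATA_URL, SAMPLE_SVG_DATA_URL, SAMPLE_MISLABELED_DATA_URL,
                      "https://example.com/avatar.png", "javascript:void(0)"):
        print("accept" if is_safe_profile_image_url(candidate) else "reject", candidate[:40])
```

The type check against magic bytes matters as much as the MIME allowlist: a client that relabels an SVG as image/png still fails, and the serving headers cover the case where sanitization is bypassed somewhere else. Restricting data URLs to raster types is a design choice; if SVG avatars must be supported, they need a dedicated sanitizer plus the same script-free CSP on the response.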

Impact

Exploitation of this vulnerability allows for the execution of arbitrary JavaScript in the context of the application's origin. This executed script runs for any user who views the malicious profile image, potentially leading to session token theft, unauthorized actions via same-origin APIs, or broader account compromise.

Reproduction

To reproduce this vulnerability, log into Open WebUI as an admin and enable the Channels (Beta) feature. Create a low-privilege user and use this account to create a channel. Then, add a webhook with a profile image URL that includes a base64-encoded SVG containing a script handler, such as an onload event. Once the webhook is created, the SVG will execute the embedded script when the profile image URL is accessed.

Remediation

Update to Open WebUI version 0.9.3 or later, where this vulnerability has been fixed.

Added: May 15, 2026, 10:31 PM
Updated: May 15, 2026, 10:31 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 1.7
exploitability: 4.4
remediation: 7.7
relevance: 8.4
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.