Open WebUI
cpe:2.3:a:openwebui:open_webui:*:*:*:*:*:*:*
- <= 0.7.2
A stored cross-site scripting vulnerability has been identified in Open WebUI versions prior to 0.8.0. The issue arises in the Banner component, where improper input sanitization allows a malicious administrator to inject harmful payloads into the global banner. This vulnerability is particularly concerning as it enables privilege escalation; the injected banner is displayed to all users, including the Super Admin, thereby bypassing existing security measures. An attacker could exploit this to steal the Super Admin's session token.
Exploitation of this vulnerability allows for stored cross-site scripting, with the injected script executed in the context of the Super Admin, potentially leading to session token theft and unauthorized access to administrative privileges.
To reproduce this vulnerability, log in as an administrator and navigate to the Banners section under the Interface Settings. Inject a payload that, when clicked, will alert the user's session token. Once the banner is saved, it will be displayed to all users, including the Super Admin, who will unknowingly execute the injected script.
Users should update to Open WebUI version 0.8.0 or later, where this vulnerability has been fixed.
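As an added defensive example (not Open WebUI's own code or its 0.8.0 fix), the following hypothetical Python helper escapes banner text on save so an administrator's input is never stored as live HTML, and audits already-stored banners for markup, which is the check an operator would run after upgrading; the Banner shape and the sample banners are assumptions.

```python
"""Hypothetical server-side checks for stored banner content (not Open WebUI code)."""
import html
import re
from dataclasses import dataclass

# Flags HTML tags and javascript: URLs, the two ways banner text can become executable
# whether it is rendered as raw HTML or as markdown with links.
_MARKUP_RE = re.compile(r"<\s*/?\s*[a-zA-Z][^>]*>|javascript\s*:", re.IGNORECASE)


@dataclass
class Banner:
    id: str
    content: str
    dismissible: bool = True


def contains_markup(text: str) -> bool:
    """True if the text carries an HTML tag or a javascript: URL."""
    return _MARKUP_RE.search(text) is not None


def sanitize_banner_content(text: str) -> str:
    """Escape <, >, &, and quotes so an innerHTML renderer shows the text literally."""
    return html.escape(text, quote=True)


def store_banner(banner: Banner) -> Banner:
    """Normalise on save: admin input is escaped rather than trusted."""
    return Banner(banner.id, sanitize_banner_content(banner.content), banner.dismissible)


def audit_banners(banners: list[Banner]) -> list[str]:
    """Return ids of stored banners whose content still carries markup (post-upgrade triage)."""
    return [b.id for b in banners if contains_markup(b.content)]


# Constructed samples (not from the advisory): a plain notice and one with injected markup.
SAMPLE_BANNERS = [
    Banner("b1", "Maintenance window Saturday 02:00 UTC"),
    Banner("b2", 'Welcome <b onmouseover="alert(1)">admins</b>'),
]
```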