I4M6Da

**Name of the Vulnerable Software and Affected Versions** open-webui versions prior to 0.6.16 **Description** A security issue exists in open-webui. The JWT Key Handler component contains a weakness related to insufficiently random values generated due to manipulation of the `WEBUI SECRET KEY` argument within the file `backend/start windows.bat`. This allows for remote attacks, though exploitation is considered difficult and requires a high level of complexity. The exploit has been publicly disclosed. **Recommendations** Update to a version of open-webui greater than 0.6.16.

**Name of the Vulnerable Software and Affected Versions** funadmin versions up to 7.1.0-rc4 **Description** A security issue exists in funadmin that allows for cross site scripting. The issue is located in the file `app/backend/view/index/index.html` within the Backend Interface component. Manipulation of the `Value` argument can trigger the issue, and it is possible to carry out the attack remotely. The exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** funadmin versions up to 7.1.0-rc4 **Description** A flaw exists in funadmin that allows for remote deserialization. This issue is located within the `getMember` function in the `app/common/service/AuthCloudService.php` file, part of the Backend Endpoint component. The `cloud account` argument is susceptible to manipulation, leading to the deserialization issue. The exploit for this issue is publicly available. The vendor was notified but did not respond. **Recommendations** Versions prior to 7.1.0-rc4 are affected. As a temporary workaround, consider restricting access to the `getMember` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** funadmin versions up to 7.1.0-rc4 **Description** A flaw exists in funadmin that could allow information disclosure. This issue is related to the `getMember` function within the `app/frontend/view/login/forget.html` file. The attack can be initiated remotely. The exploit is publicly available. The vendor was notified but did not respond. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** funadmin versions through 7.1.0-rc4 **Description** A security flaw exists in funadmin that allows for weak password recovery. The issue is located in the `repass` function within the `app/frontend/controller/Member.php` file. Manipulation of the `forget code`/`vercode` argument can lead to exploitation. Remote exploitation is possible, but is considered difficult. The exploit has been publicly released. **Recommendations** Versions prior to 7.1.0-rc4 should be updated. As a temporary workaround, consider restricting access to the `repass` function within the `app/frontend/controller/Member.php` file until a patch is available.

**Name of the Vulnerable Software and Affected Versions** funadmin versions up to 7.1.0-rc4 **Description** A weakness exists in funadmin that could lead to improper authorization. This is due to a manipulation possible in the `setConfig` function within the `app/backend/controller/Ajax.php` file of the Configuration Handler component. The attack can be executed remotely. The exploit has been made publicly available. The vendor was contacted but did not respond. **Recommendations** Update funadmin to a version later than 7.1.0-rc4.