
Sean Segreti

Researcher from KoreLogic, Inc.
#17812 of 53,634
15.1 Total CVSS
Vulnerabilities · 2
Medium: 1
High: 1
PT-2024-37813
6.3
2024-08-07
Unknown · Open-Webui · CVE-2024-6706
**Name of the Vulnerable Software and Affected Versions**
Open WebUI version 0.1.105

**Description**
The issue allows attackers to craft a malicious prompt that coerces the language model into executing arbitrary JavaScript in the context of the web page. This enables attackers to inject malicious scripts.

**Recommendations**
For Open WebUI version 0.1.105, patch immediately and validate user input to mitigate the risk.
PT-2024-37814
8.8
2024-08-07
Openwebui · Open-Webui · CVE-2024-6707
**Name of the Vulnerable Software and Affected Versions**
No specific software or versions are mentioned.

**Description**
The issue allows attacker-controlled files to be uploaded to arbitrary locations on the web server's filesystem by exploiting a path traversal vulnerability. This enables potential unauthorized access and modification of sensitive data.

**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.