[GH-ISSUE #22315] Security: Stored XSS via HTML file serving #58362

Closed
opened 2026-05-05 23:02:16 -05:00 by GiteaMirror · 6 comments
Owner

Originally created by @Vext-Labs on GitHub (Mar 6, 2026).
Original GitHub issue: https://github.com/open-webui/open-webui/issues/22315

This issue was filed in error and has been withdrawn. We apologize for the noise.

Originally created by @Vext-Labs on GitHub (Mar 6, 2026). Original GitHub issue: https://github.com/open-webui/open-webui/issues/22315 This issue was filed in error and has been withdrawn. We apologize for the noise.
Author
Owner

@Classic298 commented on GitHub (Mar 6, 2026):

🤨
what do you mean 03-06 (today) + 90 days public disclosure?
posting an issue is public disclosure.

Next time using the Github security reporting mechanism we have: https://github.com/open-webui/open-webui/security

and read through the vulnerability reporting guidelines to ensure you are reporting a valid vulnerability. I am reading the admin has to do something malicious. Might fall into one of the exceptions.

<!-- gh-comment-id:4012513469 --> @Classic298 commented on GitHub (Mar 6, 2026): 🤨 what do you mean 03-06 (today) + 90 days public disclosure? posting an issue is public disclosure. Next time using the Github security reporting mechanism we have: https://github.com/open-webui/open-webui/security and read through the vulnerability reporting guidelines to ensure you are reporting a valid vulnerability. I am reading the admin has to do something malicious. Might fall into one of the exceptions.
Author
Owner

@Vext-Labs commented on GitHub (Mar 6, 2026):

@Classic298 — You're absolutely right, and we apologize. We should have used your private security reporting at https://github.com/open-webui/open-webui/security instead of filing a public issue. That was a failure in our disclosure process.

You're also correct that the disclosure timeline is contradictory — posting publicly on day 1 is not "responsible disclosure + 90 days." That boilerplate language should have been removed for public filings.

Regarding the finding itself: you raise a fair point that it requires admin action (uploading a malicious HTML file). We understand if this doesn't meet your vulnerability threshold given the trust model for admin users.

We'll use your security reporting process for any future findings. Apologies for the noise.

<!-- gh-comment-id:4012689053 --> @Vext-Labs commented on GitHub (Mar 6, 2026): @Classic298 — You're absolutely right, and we apologize. We should have used your private security reporting at https://github.com/open-webui/open-webui/security instead of filing a public issue. That was a failure in our disclosure process. You're also correct that the disclosure timeline is contradictory — posting publicly on day 1 is not "responsible disclosure + 90 days." That boilerplate language should have been removed for public filings. Regarding the finding itself: you raise a fair point that it requires admin action (uploading a malicious HTML file). We understand if this doesn't meet your vulnerability threshold given the trust model for admin users. We'll use your security reporting process for any future findings. Apologies for the noise.
Author
Owner

@YasharF commented on GitHub (Mar 6, 2026):

@Classic298 Feel free to report this to Github. The issues is actually created by some automated AI spam thing which has spammed many repos.

<!-- gh-comment-id:4012698444 --> @YasharF commented on GitHub (Mar 6, 2026): @Classic298 Feel free to report this to Github. The issues is actually created by some automated AI spam thing which has spammed many repos.
Author
Owner

@Vext-Labs commented on GitHub (Mar 6, 2026):

Withdrawing this report. We apologize for the noise — this should have been filed through proper security disclosure channels, not as a public issue. Closing.

<!-- gh-comment-id:4012751465 --> @Vext-Labs commented on GitHub (Mar 6, 2026): Withdrawing this report. We apologize for the noise — this should have been filed through proper security disclosure channels, not as a public issue. Closing.
Author
Owner

@Vext-Labs commented on GitHub (Mar 6, 2026):

We apologize for the noise — these were inadvertently auto-reported as public GitHub issues, which should have never happened. They should have gone through proper security disclosure channels instead. Thank you for your understanding.

<!-- gh-comment-id:4012757735 --> @Vext-Labs commented on GitHub (Mar 6, 2026): We apologize for the noise — these were inadvertently auto-reported as public GitHub issues, which should have never happened. They should have gone through proper security disclosure channels instead. Thank you for your understanding.
Author
Owner

@Classic298 commented on GitHub (Mar 6, 2026):

@YasharF thanks for letting me know we will take appropriate action

<!-- gh-comment-id:4012899848 --> @Classic298 commented on GitHub (Mar 6, 2026): @YasharF thanks for letting me know we will take appropriate action
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/open-webui#58362