A critical, unpatched vulnerability is actively threatening Open WebUI users, turning a simple profile picture upload into a gateway for complete system compromise. Security researchers have publicly disclosed a severe stored Cross-Site Scripting (XSS) flaw that enables 1-click Remote Code Execution (RCE) and full account hijacking. The security flaw resides in the profile image upload […]

The post Open WebUI File Upload Vulnerability Enables 1-Click RCE Attack appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Divya

Source: gbHackers
Source Link: https://gbhackers.com/open-webui-file-upload-vulnerability/