## Summary

A **Stored XSS vulnerability** has been discovered in Open-WebUI's Notes PDF download functionality. An attacker can import a Markdown file containing malicious SVG tags into Notes, allowing them to **execute arbitrary JavaScript code** and **steal session tokens** when a victim downloads the note as PDF. This vulnerability can be exploited by **any authenticated user**, and unauthenticated external attackers can steal session tokens from users (both admin and regular users) by sharing specially crafted Markdown files.

## Details

### Vulnerability Location

**File:** `src/lib/compon…
GHSA-8wvc-869r-xfqf: Open WebUI Vulnerable to Stored DOM XSS via Note 'Download PDF'
Open WebUI has a stored XSS vulnerability in its Notes PDF download functionality, allowing attackers to execute arbitrary JavaScript and steal session tokens.
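The defensive counterpart to the bug described above, as an added illustration that is not Open WebUI's code or its actual fix: an allowlist sanitizer applied to the HTML rendered from a note's Markdown before it is handed to a PDF renderer, so inline `<svg>`, `<script>`, event-handler attributes and `javascript:` URLs never reach a context that executes them. It assumes the export path renders Markdown to HTML first; the tag and attribute lists and `SAMPLE_NOTE_HTML` are constructed for this example.

```python
from html import escape
from html.parser import HTMLParser

# Tags kept, attributes kept per tag, and URL prefixes accepted for href/src values.
ALLOWED_TAGS = {"p", "br", "b", "strong", "i", "em", "h1", "h2", "h3", "ul", "ol",
                "li", "code", "pre", "blockquote", "a", "img"}
ALLOWED_ATTRS = {"a": {"href", "title"}, "img": {"src", "alt"}}
SAFE_URL_PREFIXES = ("http://", "https://", "mailto:", "/", "#")
VOID_TAGS = {"br", "img"}
DROP_SUBTREE = {"script", "style", "svg", "iframe", "object", "embed"}  # removed with content


class AllowlistSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.dropping, self.depth = [], None, 0
    def _clean_attrs(self, tag, attrs):
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, ()) or value is None:
                continue  # every on* event-handler attribute is discarded here
            if name in ("href", "src") and not value.strip().lower().startswith(SAFE_URL_PREFIXES):
                continue  # rejects javascript:, data: and other unexpected schemes
            kept.append(f' {name}="{escape(value, quote=True)}"')
        return "".join(kept)
    def handle_starttag(self, tag, attrs):
        if self.dropping:
            self.depth += tag == self.dropping  # only nesting of the dropped tag matters
        elif tag in DROP_SUBTREE:
            self.dropping, self.depth = tag, 1
        elif tag in ALLOWED_TAGS:  # unknown tags vanish, their text content stays
            self.out.append(f"<{tag}{self._clean_attrs(tag, attrs)}>")
    def handle_endtag(self, tag):
        if self.dropping:
            self.depth -= tag == self.dropping
            self.dropping = self.dropping if self.depth else None
        elif tag in ALLOWED_TAGS and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")
    def handle_data(self, data):
        if not self.dropping:
            self.out.append(escape(data, quote=False))


def sanitize_html(html: str) -> str:
    parser = AllowlistSanitizer()
    parser.feed(html)
    parser.close()
    return "".join(parser.out)


# Constructed sample: roughly what a Markdown renderer emits for a note with inline SVG.
SAMPLE_NOTE_HTML = ('<h1>Notes</h1><p>Hello <b>team</b></p><svg onload="alert(1)"><script>'
                    'alert(1)</script></svg><p><a href="javascript:alert(1)">link</a></p>')
```

Allowlisting (rather than stripping known-bad tags) is what makes this hold up against tag variants the blocklist never anticipated; the `DROP_SUBTREE` set only exists so that script bodies do not survive as visible text.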