CVE-2025-0192

MEDIUM

wandb/openui < latest - Stored Cross-Site Scripting in Edit HTML Functionality

Title source: llm
STIX 2.1

Description

A stored Cross-site Scripting (XSS) vulnerability exists in the latest version of wandb/openui. The vulnerability is present in the edit HTML functionality, where an attacker can inject malicious scripts. When the modified HTML is shared with another user, the XSS payload executes, potentially leading to the theft of user prompt history and other sensitive information.

References (1)

Core 1
Core References

Scores

CVSS v3 5.4
EPSS 0.0028
EPSS Percentile 19.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
wandb/wandb/openui unspecified - latest
Published Mar 20, 2025
Tracked Since Feb 18, 2026