Attackers can craft a malicious prompt that coerces the language model into executing arbitrary JavaScript in the context of the web page.
"https://github.com/pypa/advisory-database/blob/main/vulns/open-webui/PYSEC-2026-1722.yaml"