Severity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Lifecycle Timeline
5DescriptionCVE.org
A Stored Cross-Site Scripting (XSS) vulnerability was identified in the social feature of parisneo/lollms, affecting the latest version prior to 2.2.0. The vulnerability exists in the create_post function within backend/routers/social/__init__.py, where user-provided content is directly assigned to the DBPost model without sanitization. This allows attackers to inject and store malicious JavaScript, which is executed in the browsers of users viewing the Home Feed, including administrators. This can lead to account takeover, session hijacking, and wormable attacks. The issue is resolved in version 2.2.0.
AnalysisAI
Stored cross-site scripting in parisneo/lollms versions prior to 2.2.0 enables unauthenticated attackers to inject malicious JavaScript through unsanitized social post content in the create_post function. Injected scripts execute in victims' browsers when viewing the Home Feed, enabling account takeover, session hijacking, and wormable propagation across the platform. The CVSS vector indicates network-accessible exploitation requiring user interaction, with scope change allowing cross-domain impact. No public exploit identified at time of analysis, but low attack complexity increases weaponization risk.
Technical ContextAI
Root cause lies in direct assignment of user-controlled input to DBPost model within backend/routers/social/__init__.py without HTML entity encoding or content security policy enforcement. CWE-79 stored variant allows persistent payload delivery. Scope change (S:C) in CVSS vector indicates DOM trust boundary violation enabling attacks beyond the vulnerable component's security context.
RemediationAI
Vendor-released patch: version 2.2.0 resolves the vulnerability through input sanitization in the create_post function. Organizations should immediately upgrade to 2.2.0 or later via standard package management. Verify installation from official repository at https://github.com/parisneo/lollms. The specific remediation commit 9767b882dbc893c388a286856beeaead69b8292a implements output encoding for user-generated content. If immediate upgrade is infeasible, disable social posting features or implement web application firewall rules filtering script tags in POST request bodies to /social endpoints. Consult vendor advisory at https://huntr.com/bounties/099aa4fe-7165-4337-889c-3fb4f1aa71aa for additional context.
More in Parisneo Lollms
View allWeak JWT secret key in LoLLMs 2.1.0 enables offline brute-force recovery, allowing remote unauthenticated attackers to f
Cross-site scripting in parisneo/lollms prior to version 2.2.0 allows unauthenticated remote attackers to execute arbitr
Insufficient session expiration in parisneo/lollms allows authenticated attackers with high privileges to maintain unaut
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-21320
GHSA-8wrq-fv5f-pfp2