Severity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
10DescriptionCVE.org
A Cross-site Scripting (XSS) vulnerability was identified in the from_dict method of the AppLollmsMessage class in parisneo/lollms prior to version 2.2.0. The vulnerability arises from the lack of sanitization or HTML encoding of the content field when deserializing user-provided data. This allows an attacker to inject malicious HTML or JavaScript payloads, which can be executed in the context of another user's browser. Exploitation of this vulnerability can lead to account takeover, session hijacking, or wormable attacks.
AnalysisAI
Cross-site scripting in parisneo/lollms prior to version 2.2.0 allows unauthenticated remote attackers to execute arbitrary JavaScript in victim browsers via malicious HTML payloads injected through the unsanitized content field in the AppLollmsMessage.from_dict deserialization method. The changed scope (CVSS S:C) indicates impact beyond the vulnerable component, enabling session hijacking, account takeover, and potentially wormable attacks. Publicly available exploit code exists (reported v
Technical ContextAI
The vulnerability exists in parisneo/lollms, a large language model framework. The affected component is the from_dict method within the AppLollmsMessage class, which deserializes user-provided dictionary data into message objects. CWE-79 identifies this as an improper neutralization of input during web page generation - the classic stored or reflected XSS root cause. When the content field is deserialized from untrusted sources (likely API endpoints accepting JSON/dict payloads), no HTML entity encoding or sanitization occurs before the content is rendered in a web context. CPE cpe:2.3:a:parisneo:parisneo/lollms identifies the affected product as the parisneo/lollms application framework across all versions prior to the fix. The CVSS vector CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C indicates network-accessible exploitation with no privileges required, low complexity, but requiring user interaction (likely viewing a malicious message), with scope change suggesting the JavaScript executes in a different security context than the vulnerable component itself.
RemediationAI
Upgrade parisneo/lollms to version 2.2.0 or later, which includes the fix committed in https://github.com/parisneo/lollms/commit/9767b882dbc893c388a286856beeaead69b8292a that implements proper HTML encoding or sanitization of the content field during deserialization. Organizations unable to immediately upgrade should implement compensating controls including strict Content Security Policy (CSP) headers to mitigate JavaScript execution, input validation to reject HTML/JavaScript syntax in message content fields, and output encoding at render time using framework-native escaping functions. Review application logs for suspicious message payloads containing script tags, event handlers, or JavaScript protocols. Conduct security testing of all endpoints accepting message dictionary data to confirm exploitation paths are closed. For detailed technical context and proof-of-concept details, consult the huntr.com disclosure at https://huntr.com/bounties/d3d076a7-2a51-4e07-8d0e-91e28e76788e. Downstream applications using lollms as a dependency must update their dependency manifests and rebuild to incorporate the patched library version.
More in Parisneo Lollms
View allWeak JWT secret key in LoLLMs 2.1.0 enables offline brute-force recovery, allowing remote unauthenticated attackers to f
Stored cross-site scripting in parisneo/lollms versions prior to 2.2.0 enables unauthenticated attackers to inject malic
Insufficient session expiration in parisneo/lollms allows authenticated attackers with high privileges to maintain unaut
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-21692