Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network-accessible, no-auth crawl submission stores payload; scope changes to operator browser on dashboard load; no availability impact.
Primary rating from Vendor (VulnCheck).
CVSS VectorVendor: VulnCheck
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
Crawl4AI before 0.8.7 contains a stored cross-site scripting vulnerability in the monitor dashboard that renders crawl URLs and error messages via innerHTML without escaping. An attacker can submit a crafted crawl request with malicious markup that executes in an operator's browser when viewing the dashboard.
AnalysisAI
Stored XSS in Crawl4AI's monitor dashboard (versions before 0.8.7) enables an unauthenticated remote attacker to inject persistent malicious markup by submitting a crafted crawl URL or triggering a crafted error message; the payload executes in any operator's browser that subsequently views the dashboard. This flaw is one of six vulnerabilities disclosed together in GHSA-365w-hqf6-vxfg, and its impact is materially amplified in unpatched deployments by a co-disclosed authentication bypass (CWE-306) that left all monitor endpoints, including the dashboard, accessible without credentials. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The Crawl4AI Docker API server must be deployed and reachable by the attacker - this is a non-default but supported deployment mode. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 score of 5.3 with vector AV:N/AC:L/AT:N/PR:N/UI:P accurately captures the core trade-off: trivial, unauthenticated network exploitation offset by mandatory operator interaction and limited impact scope. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with network access to the Crawl4AI Docker API submits a POST request to the crawl endpoint with a URL value containing an HTML payload such as an img onerror handler or script tag. The server stores this unsanitized string and surfaces it in the monitor dashboard; when an operator opens the dashboard to review job status, the payload executes in their browser, allowing the attacker to exfiltrate the operator's session token or interact with other authenticated API endpoints on the operator's behalf. |
| Remediation | Upgrade to Crawl4AI 0.8.7 or later via pip install --upgrade crawl4ai; this is the vendor-released patch confirmed by both the GHSA advisory and pip package metadata. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Remote code execution in Crawl4AI's Docker API server (versions prior to 0.9.0) lets unauthenticated attackers run arbit
Remote code execution in Crawl4AI Docker API before 0.8.0 via hooks parameter. The /crawl endpoint accepts Python code i
Arbitrary file write in Crawl4AI (the open-source LLM-friendly web crawler by unclecode) before version 0.9.0 lets a mal
Authentication bypass in Crawl4AI Docker API server (versions prior to 0.8.7) allows remote unauthenticated attackers to
Arbitrary file write in Crawl4AI Docker API server before 0.8.8 lets unauthenticated remote attackers escape the ALLOWED
Arbitrary JavaScript execution in Crawl4AI's Docker API server (versions before 0.8.7) lets remote attackers submit code
Server-side request forgery in Crawl4AI's Docker API server (versions before 0.8.7) allows remote unauthenticated attack
Server-side request forgery in Crawl4AI before 0.8.7 allows unauthenticated remote attackers to coerce the server into f
Arbitrary local file disclosure in Crawl4AI's Docker API (versions before 0.8.0) lets unauthenticated remote attackers r
Crawl4AI <=0.4.247 is vulnerable to SSRF in /crawl4ai/async_dispatcher.py. Rated critical severity (CVSS 9.1), this vuln
Arbitrary file write in Crawl4AI's Docker API server (versions before 0.8.7) lets remote unauthenticated attackers overw
Credential exfiltration in Crawl4AI's Docker API server (all versions before 0.8.8) lets remote unauthenticated attacker
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-38433
GHSA-53rg-46cm-4g2v