Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionGitHub Advisory
Resolution
Fixed in SillyTavern 1.18.0: a user-provided URL is no longer reflected in the HTTP response body.
Overview
- Vulnerability Type: XSS
- Affected Location:
src/middleware/corsProxy.js:40 - Trigger Scenario: reflected XSS in CORS proxy error response
Root Cause
When fetch(url) throws, the code sends: res.status(500).send('Error occurred while trying to proxy to: ' + url + ' ' + error). The url value is attacker-controlled (req.params.url) and is not HTML-escaped before rendering.
Source-to-Sink Chain
- Source (user-controlled input)
- Entry point:
GET /proxy/:url(*)
- Data flow
- Code analysis shows concrete propagation into this sink:
- vulnerability title:
Reflected XSS in CORS proxy error response - sink location reached by attacker-controlled input:
src/middleware/corsProxy.js:40 - The same sink behavior is confirmed by controlled execution observations.
- Sink (dangerous operation)
- Sink location:
src/middleware/corsProxy.js:40 - Vulnerable behavior: reflected XSS in CORS proxy error response
Exploitation Preconditions
- The attacker can inject controllable content into a rendered response.
- The vulnerable rendering context does not apply strict output encoding/sanitization.
- A victim user opens the affected page or response.
Risk
This issue enables script execution in the victim context and can compromise session or data integrity.
Impact
An attacker may run arbitrary JavaScript in the victim context, steal tokens, and manipulate user-visible behavior.
Remediation
- Never concatenate raw user input into HTML error responses.
- If URL echo is required, HTML-escape it or force plain-text output.
- Re-enable/strengthen CSP to reduce reflected injection impact.
Analysis
Resolution
Fixed in SillyTavern 1.18.0: a user-provided URL is no longer reflected in the HTTP response body.
Overview
- Vulnerability Type: XSS
- Affected Location:
src/middleware/corsProxy.js:40 - Trigger Scenario: reflected XSS in CORS proxy error response
Root Cause
When fetch(url) throws, the code sends: res.status(500).send('Error occurred while trying to proxy to: ' + url + ' ' + error). The url value is attacker-controlled (req.params.url) and is not HTML-escaped before rendering.
Source-to-Sink Chain
- Source (user-controlled input)
- Entry point:
GET /proxy/:url(*)
- Data flow
- Code analysis shows concrete propagation into this sink:
- vulnerability title:
Reflected XSS in CORS proxy error response - sink location reached by attacker-controlled input:
src/middleware/corsProxy.js:40 - The same sink behavior is confirmed by controlled execution observations.
- Sink (dangerous operation)
- Sink location:
src/middleware/corsProxy.js:40 - Vulnerable behavior: reflected XSS in CORS proxy error response
Exploitation Preconditions
- The attacker can inject controllable content into a rendered response.
- The vulnerable rendering context does not apply strict output encoding/sanitization.
- A victim user opens the affected page or response.
Risk
This issue enables script execution in the victim context and can compromise session or data integrity.
Impact
An attacker may run arbitrary JavaScript in the victim context, steal tokens, and manipulate user-visible behavior.
Remediation
- Never concatenate raw user input into HTML error responses.
- If URL echo is required, HTML-escape it or force plain-text output.
- Re-enable/strengthen CSP to reduce reflected injection impact.
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-33405
GHSA-xc4x-2452-5gc9