Skip to main content

Appium Mcp

1 CVEs product

Monthly

CVE-2026-58500 npm HIGH PATCH This Week

Cross-site scripting in appium-mcp (the Appium MCP server) versions <= 1.85.9 lets an attacker who controls the mobile app under test inject arbitrary HTML/JavaScript into the MCP UI resource returned by the generate_locators tool, because createLocatorGeneratorUI interpolates element attributes (text, content-desc, resource-id, selector, strategy) into an HTML template without escaping. When a victim's MCP client renders the resource, the injected script runs and can call arbitrary registered MCP tools via window.parent.postMessage (screenshots, page-source reads, etc.). No public exploit identified at time of analysis, though the fix commit ships XSS test cases; fixed in 1.85.10.

Google XSS Appium Mcp
NVD GitHub
CVSS 3.1
8.2
EPSS
0.3%
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Cross-site scripting in appium-mcp (the Appium MCP server) versions <= 1.85.9 lets an attacker who controls the mobile app under test inject arbitrary HTML/JavaScript into the MCP UI resource returned by the generate_locators tool, because createLocatorGeneratorUI interpolates element attributes (text, content-desc, resource-id, selector, strategy) into an HTML template without escaping. When a victim's MCP client renders the resource, the injected script runs and can call arbitrary registered MCP tools via window.parent.postMessage (screenshots, page-source reads, etc.). No public exploit identified at time of analysis, though the fix commit ships XSS test cases; fixed in 1.85.10.

Google XSS Appium Mcp
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy