Appsmith
Stored XSS in Appsmith's SQL query editor autocomplete allows an authenticated Developer-role user to inject persistent malicious JavaScript via crafted database table or column names that are rendered unsanitized through innerHTML. When other workspace members interact with the same datasource's query editor, the injected script executes in their browser session, enabling session token theft and unauthorized actions with high confidentiality impact (CVSS C:H). A public proof-of-concept exploit exists (Stuub/Appsmith-1.98-Stored-XSS-Exploit on GitHub), and the vulnerability was reported by CERT/CC, materially elevating practical exploitation risk above what the CVSS 6.3 Medium score alone implies.
Appsmith versions prior to 1.98 allow unauthenticated remote attackers to access sensitive instance management API endpoints (/api/v1/consolidated-api/view, /api/v1/tenants/current), enabling disclosure of configuration metadata, license information, and unsalted SHA-256 hashes of admin email domains. This authentication bypass facilitates reconnaissance for targeted follow-up attacks against Appsmith deployments and their administrators. No public exploit code or active exploitation has been independently confirmed at time of analysis.
Appsmith platform prior to version 1.96 has a critical stored XSS enabling account takeover through crafted admin panel content.
Appsmith platform version 1.94 and below has a missing authorization vulnerability that allows unauthenticated access to publicly deployed applications' internal APIs.
Appsmith before 1.93 allows attackers to control the Origin header value used as the base URL in password reset and email verification links. Attackers can redirect authentication tokens to their domain, enabling account takeover. PoC available, patch available.
An issue was discovered in Appsmith before 1.51. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An issue was discovered in Appsmith before 1.52. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. EPSS exploitation probability 67.3% and no vendor patch available.
An issue was discovered in Appsmith before 1.51. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 25.2%.
Appsmith is a platform to build admin panels, internal tools, and dashboards. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.