Marimo
Monthly
Reflected XSS in the marimo notebook server before version 0.23.9 enables unauthenticated remote attackers to inject and execute arbitrary JavaScript in the origin of a victim's marimo server by supplying a crafted `file` query parameter. The flaw stems from improper single-quote escaping in assets.py when reflecting the parameter into an inline JavaScript string literal; attackers bypass the server's 404 check by prefixing payloads with `__new__`, and execution occurs without Content-Security-Policy restrictions. No active exploitation is confirmed (not in CISA KEV) and no public exploit code has been identified at time of analysis, though the attack mechanism is straightforward for a motivated attacker targeting shared or collaborative marimo deployments.
Reflected XSS in the marimo notebook server before version 0.23.9 enables unauthenticated remote attackers to inject and execute arbitrary JavaScript in the origin of a victim's marimo server by supplying a crafted `file` query parameter. The flaw stems from improper single-quote escaping in assets.py when reflecting the parameter into an inline JavaScript string literal; attackers bypass the server's 404 check by prefixing payloads with `__new__`, and execution occurs without Content-Security-Policy restrictions. No active exploitation is confirmed (not in CISA KEV) and no public exploit code has been identified at time of analysis, though the attack mechanism is straightforward for a motivated attacker targeting shared or collaborative marimo deployments.