| Titel | NousResearch hermes-agent 2026.5.29.2 Cross-site Scripting (CWE-79) |
|---|
| Beschreibung | # Technical Details
A Cross-site Scripting vulnerability exists in the `MatrixAdapter._markdown_to_html` method in `gateway/platforms/matrix.py` of hermes-agent.
The application fails to escape attacker-supplied raw HTML or sanitize dangerous URL schemes (such as `javascript:`, `data`, and `vbscript`) before writing the converted text directly into Matrix `formatted_body` payloads.
# Vulnerable Code
File: gateway/platforms/matrix.py
Method: _markdown_to_html
Why: The adapter directly returns `md.convert(text)` output without escaping raw HTML or filtering link schemes. As long as the `markdown` dependency is importable (which is true when the documented Matrix extra is installed), this code path remains active and bypasses a safer fallback implementation that usually filters these schemes.
# Reproduction
1. Ensure Hermes Agent is configured with the Matrix extra installed (where the `markdown` package is importable).
2. Through normal message delivery, supply attacker-controlled text containing raw HTML or a dangerous Markdown link (e.g., `<img src=x onerror="alert(1)">` or `[click](javascript:alert(1))`).
3. Observe that the emitted Matrix payload preserves the raw HTML and dangerous URI scheme inside the `formatted_body` (under `org.matrix.custom.html`).
# Impact
- Malicious links can be injected into outbound Matrix messages.
- Message appearance can be altered with arbitrary inline HTML.
- Imposes content and script-injection risks in downstream Matrix clients that trust or insufficiently sanitize the `org.matrix.custom.html` payload. |
|---|
| Quelle | ⚠️ https://github.com/NousResearch/hermes-agent/issues/42667 |
|---|
| Benutzer | Eric-d (UID 96861) |
|---|
| Einreichung | 09.06.2026 11:19 (vor 1 Monat) |
|---|
| Moderieren | 09.07.2026 19:49 (1 month later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 377247 [NousResearch hermes-agent bis 2026.5.29.2 Matrix Adapter matrix.py MatrixAdapter._markdown_to_html Cross Site Scripting] |
|---|
| Punkte | 20 |
|---|