Enviar #778267: Weights and Biases OpenUI <= 1.0 (commit f9d8f0e) Cross-Site Scripting (CWE-79)información

TítuloWeights and Biases OpenUI <= 1.0 (commit f9d8f0e) Cross-Site Scripting (CWE-79)
Descripción# Technical Details A Stored XSS and Arbitrary Code Execution vulnerability exists in the annotator iframe (`frontend/public/annotator/index.html`) of Weights and Biases OpenUI. LLM-generated HTML and JavaScript responses are rendered directly into a sandboxed iframe without any sanitization. The iframe sandbox configuration (allow-same-origin allow-scripts) negates isolation — injected scripts get full access to parent.document.cookie and parent.localStorage. The annotator uses wrapper.innerHTML = event.data.html (line 566) and dynamically creates script elements (lines 591-598). No DOMPurify or origin validation exists. A malicious or compromised LLM provider can achieve session hijacking and account takeover. # Vulnerable Code File: frontend/public/annotator/index.html (lines 566, 591-598, 515) Method: Window message event handler Why: wrapper.innerHTML assigns unsanitized HTML. Script elements are dynamically created and appended to document.body. The iframe uses allow-same-origin + allow-scripts (documented anti-pattern). No event.origin check on the message handler. # Reproduction 1. Run a malicious LLM server that returns HTML with <script> tags in SSE stream. 2. Configure OpenUI to use the malicious server via OPENAI_BASE_URL. 3. Submit any prompt — injected script executes in iframe, accessing parent.document.cookie. # Impact - Session hijacking via parent.document.cookie access. - Data exfiltration from parent.localStorage and sessionStorage. - Persistent compromise: malicious UIs stored and re-rendered on revisit.
Fuente⚠️ https://gist.github.com/YLChen-007/899f210b2d78e163d13561bb7f49b4da
Usuario
 Eric-b (UID 96354)
Sumisión2026-03-12 02:52 (hace 21 días)
Moderación2026-03-27 14:48 (15 days later)
EstadoAceptado
Entrada de VulDB353882 [wandb OpenUI hasta 1.0 Window Message Event index.html secuencias de comandos en sitios cruzados]
Puntos20

AnteriorVisión De ConjuntoPróximo

Do you know our Splunk app?

Download it now for free!