Submission #791923: Langflow <= 1.8.3 Stored Cross-Site Scripting

Title: Langflow <= 1.8.3 Stored Cross-Site Scripting
Description:

# Technical Details

A Stored Cross-Site Scripting (XSS) vulnerability exists in the frontend component of Langflow. The application relies on the `Markdown` component to render chat messages and flow descriptions. The configuration of this Markdown renderer explicitly enables raw HTML decoding using the `rehype-raw` plugin but fails to pair it with a sanitization plugin such as `rehype-sanitize`. This oversight allows arbitrary HTML and JavaScript injected by a user to be rendered directly into the DOM of any user viewing the content.

# Vulnerable Code

File: `src/frontend/src/modals/IOModal/components/chatView/chatMessage/components/edit-message.tsx`

Method: Frontend React Component Rendering

Why: The JSX block `<Markdown rehypePlugins={[rehypeMathjax, rehypeRaw]}>{processedChatMessage}</Markdown>` processes user input. By enabling `rehypeRaw` without `rehypeSanitize`, dangerous tags and attributes (like `<img onerror=...>` or `<script>`) are preserved and executed by the browser.

# Reproduction

1. An authenticated attacker logs into the Langflow GUI.
2. The attacker uses the chat interface to send a message or updates a project's Flow Description.
3. The attacker injects an XSS payload, for example: `<img src=x onerror=alert('XSS_Executed')>`.
4. The backend stores this payload in the database as-is, without sanitization (which is expected, since escaping belongs at render time).
5. When the attacker (or any other victim, such as a higher-privileged administrator) views the chat history or the project configuration, the victim's browser renders the malicious Markdown and executes the embedded JavaScript payload.

# Impact

- Session Hijacking: JavaScript execution allows attackers to steal `access_token` values stored in `LocalStorage`.
- Account Takeover and Privileged Actions: Scripts can execute unauthorized asynchronous HTTP API calls on behalf of an administrator, deleting databases or altering security settings.
- Persistent Risk: The payload is stored in the database, impacting every user who accesses the compromised project or chat session.
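As an added audit check (not Langflow's or the reporter's code), the script below scans React/TSX source text for `rehypePlugins` arrays that enable `rehypeRaw` without a sanitizer, or with the sanitizer ordered before `rehypeRaw`, and runs it over a constructed sample containing the vulnerable line quoted above next to a hardened variant. The plugin identifier names and the ordering rule (react-markdown documents `rehype-sanitize` after `rehype-raw`) are assumptions, and the scan is a text heuristic rather than a JSX parser.

```javascript
// Added audit helper (not Langflow's own code): flags react-markdown usages
// whose rehypePlugins array enables rehypeRaw without a sanitizer, or with the
// sanitizer ordered before rehypeRaw (rehype-sanitize must run after
// rehype-raw to see the parsed HTML). Text heuristic, not a JSX parser;
// plugin identifier names are assumptions taken from the advisory.

const RAW_PLUGIN = "rehypeRaw";
const SANITIZER_PLUGINS = ["rehypeSanitize"];

// Captures the body of every rehypePlugins={[ ... ]} prop.
const PLUGIN_PROP_RE = /rehypePlugins=\{\s*\[([^\]]*)\]\s*\}/g;

function lineNumberAt(source, index) {
  return source.slice(0, index).split("\n").length;
}

// Returns one finding per unsafe rehypePlugins array: 1-based line,
// the plugin list, and a reason code.
function findUnsanitizedRehypeRaw(source) {
  const findings = [];
  for (const match of source.matchAll(PLUGIN_PROP_RE)) {
    const plugins = match[1].split(",").map((s) => s.trim()).filter(Boolean);
    const rawIdx = plugins.indexOf(RAW_PLUGIN);
    if (rawIdx === -1) continue; // no raw HTML decoding, nothing to flag
    const sanIdx = plugins.findIndex((p) => SANITIZER_PLUGINS.includes(p));
    let reason = null;
    if (sanIdx === -1) reason = "missing-sanitizer";
    else if (sanIdx < rawIdx) reason = "sanitizer-before-raw";
    if (reason) findings.push({ line: lineNumberAt(source, match.index), plugins, reason });
  }
  return findings;
}

// Constructed sample: the vulnerable pattern quoted in the advisory (line 3),
// followed by a hardened variant with rehypeSanitize appended after rehypeRaw.
const SAMPLE_TSX = [
  'import Markdown from "react-markdown";',
  "export function EditMessage({ processedChatMessage }) {",
  "  return <Markdown rehypePlugins={[rehypeMathjax, rehypeRaw]}>{processedChatMessage}</Markdown>;",
  "}",
  "export function EditMessageHardened({ processedChatMessage }) {",
  "  return <Markdown rehypePlugins={[rehypeMathjax, rehypeRaw, rehypeSanitize]}>{processedChatMessage}</Markdown>;",
  "}",
].join("\n");

for (const f of findUnsanitizedRehypeRaw(SAMPLE_TSX)) {
  console.log(`line ${f.line}: ${f.reason} [${f.plugins.join(", ")}]`);
}
```

Point the scanner at the frontend source tree (for example by reading each `.tsx` file into `findUnsanitizedRehypeRaw`) to confirm the fix landed everywhere `rehypeRaw` is used, not only in `edit-message.tsx`.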
Source: https://gist.github.com/chenhouser2025/935aa5d4556264ba408059eec0960b1a
User: Eric-f (UID 96873)
Submitted: 2026-03-28 14:50 (23 days ago)
Moderated: 2026-04-19 15:47 (22 days later)
Status: Accepted
VulDB Entry: 358235 [langflow-ai langflow up to 1.8.3 Frontend React Component Rendering edit-message.tsx cross site scripting]
Points: 20
