| Titre | NousResearch hermes-agent 2026.5.29.2 Cross-site Scripting (CWE-79) |
|---|
| Description | # Technical Details
A Cross-site Scripting vulnerability exists in the `MatrixAdapter._markdown_to_html` method in `gateway/platforms/matrix.py` of hermes-agent.
The application fails to escape attacker-supplied raw HTML or sanitize dangerous URL schemes (such as `javascript:`, `data`, and `vbscript`) before writing the converted text directly into Matrix `formatted_body` payloads.
# Vulnerable Code
File: gateway/platforms/matrix.py
Method: _markdown_to_html
Why: The adapter directly returns `md.convert(text)` output without escaping raw HTML or filtering link schemes. As long as the `markdown` dependency is importable (which is true when the documented Matrix extra is installed), this code path remains active and bypasses a safer fallback implementation that usually filters these schemes.
# Reproduction
1. Ensure Hermes Agent is configured with the Matrix extra installed (where the `markdown` package is importable).
2. Through normal message delivery, supply attacker-controlled text containing raw HTML or a dangerous Markdown link (e.g., `<img src=x onerror="alert(1)">` or `[click](javascript:alert(1))`).
3. Observe that the emitted Matrix payload preserves the raw HTML and dangerous URI scheme inside the `formatted_body` (under `org.matrix.custom.html`).
# Impact
- Malicious links can be injected into outbound Matrix messages.
- Message appearance can be altered with arbitrary inline HTML.
- Imposes content and script-injection risks in downstream Matrix clients that trust or insufficiently sanitize the `org.matrix.custom.html` payload. |
|---|
| La source | ⚠️ https://github.com/NousResearch/hermes-agent/issues/42667 |
|---|
| Utilisateur | Eric-d (UID 96861) |
|---|
| Soumission | 09/06/2026 11:19 (il y a 1 mois) |
|---|
| Modérer | 09/07/2026 19:49 (1 month later) |
|---|
| Statut | Accepté |
|---|
| Entrée VulDB | 377247 [NousResearch hermes-agent jusqu’à 2026.5.29.2 Matrix Adapter matrix.py MatrixAdapter._markdown_to_html cross site scripting] |
|---|
| Points | 20 |
|---|