提出 #778264: Weights and Biases OpenUI <= 1.0 (commit f9d8f0e) Cross-Site Scripting (CWE-79)情報

タイトル	Weights and Biases OpenUI <= 1.0 (commit f9d8f0e) Cross-Site Scripting (CWE-79)
説明	# Technical Details An Unauthenticated Share Creation/Overwrite and Stored XSS vulnerability exists in the `create_share` and `get_share` endpoints in `backend/openui/server.py` of Weights and Biases OpenUI. The share endpoints (POST /v1/share/{id}) completely lack authentication middleware. Any unauthenticated actor can create or overwrite shared components with arbitrary HTML including <script> tags. The HTMLAnnotator component (frontend/public/annotator/index.html) assigns this content directly to innerHTML and dynamically appends scripts to document.body. Since the iframe operates with allow-same-origin, injected scripts can access parent.document.cookie, enabling session hijacking and account takeover. # Vulnerable Code File: backend/openui/server.py (lines 361-374) Method: create_share() and get_share() Why: No authentication check (unlike chat_completions which verifies request.session.get("user_id")). The id is attacker-controlled, no ownership verification exists. HTML content is stored without sanitization and rendered with allow-same-origin iframe permissions. # Reproduction 1. Create malicious share (unauthenticated): curl -X POST http://localhost:7878/v1/share/poc-evil -H "Content-Type: application/json" -d '{"prompt":"Test","name":"Evil","html":"<script>console.log(parent.document.cookie)</script>"}' 2. Send victim the link: http://localhost:7878/ai/shared/poc-evil 3. When victim opens the page, the script executes with access to parent.document.cookie. # Impact - Stored XSS with account takeover via session cookie theft. - Any user's shared components can be overwritten without authorization. - Full session compromise for any user visiting the malicious share link.
ソース	⚠️ https://gist.github.com/YLChen-007/7b42be1da37af51a0cfba0866d100987
ユーザー	Eric-b (UID 96354)
送信	2026年03月12日 02:44 (19 日 ago)
モデレーション	2026年03月27日 14:48 (16 days later)
ステータス	承諾済み
VulDBエントリ	353879 [wandb OpenUI 迄 1.0 HTMLAnnotator backend/openui/server.py create_share/get_share 識別子 HTML injection]
ポイント	20

◂ 前概要次 ▸

Interested in the pricing of exploits?

See the underground prices here!