Submission #782170: Mario Zechner pi-mono 0.58.4 SVG Artifact Stored XSS Leading to Credential Theft (info)

Title: Mario Zechner pi-mono 0.58.4 SVG Artifact Stored XSS Leading to Credential Theft
Description: A stored Cross-Site Scripting (XSS) vulnerability exists in the SVG artifact rendering component of @mariozechner/pi-web-ui. When the LLM generates an SVG artifact, the content is rendered directly into the parent page DOM using the unsafeHTML() Lit directive without any sanitization (no DOMPurify, no allowlist filtering, no iframe sandboxing). Unlike HTML artifacts, which are isolated within sandboxed <iframe> elements (sandbox="allow-scripts allow-modals"), SVG artifacts are rendered inline in the main application context using light DOM (createRenderRoot() { return this; }). This allows embedded JavaScript in SVG event handlers (e.g., onload, onerror, onclick) to execute with full access to the parent page's origin context, including document.cookie, localStorage, and IndexedDB. This vulnerability is chained with a second vulnerability: LLM provider API keys (Anthropic, OpenAI, Google, etc.) are stored as plaintext strings in the browser's IndexedDB without any encryption. When the XSS payload executes, it can read all stored API keys and exfiltrate them to an attacker-controlled server. The combined effect is a full credential theft of all configured LLM provider API keys, authentication tokens, and chat session history, triggered by a single malicious SVG artifact that the LLM is manipulated into generating via prompt injection.
Source: ⚠️ https://github.com/August829/CVEP/issues/20
User: Yu Bao (UID 88956)
Submitted: 2026-03-18 08:22 (28 days ago)
Moderation: 2026-04-04 08:35 (17 days later)
Status: Accepted
VulDB entry: 355286 [badlogic pi-mono 0.58.4 SVG Artifact SvgArtifact.ts cross site scripting]
Points: 20
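
Added example, not part of the submission or of the pi-mono code base: two ways to display untrusted SVG text without parsing it into the application's own DOM, which is the gap the description attributes to the unsafeHTML() path. The helper names svgToImageSrc, escapeAttr and svgToSandboxedFrame and the sample SVG are hypothetical; the <img> route is an alternative isolation technique, not the project's fix.

```javascript
// Constructed sample: an SVG carrying an inline event handler and non-ASCII text.
const SAMPLE_SVG =
  '<svg xmlns="http://www.w3.org/2000/svg" onload="console.log(\'constructed\')">' +
  '<text y="20">café & co</text></svg>';

// Option 1: hand the SVG to the browser as an image resource.
// SVG loaded through <img src> is rendered as a static image: script elements
// and event-handler attributes inside it are not executed, and it has no
// access to the embedding page's cookies, localStorage or IndexedDB.
function svgToImageSrc(svgText) {
  // btoa() only accepts code points <= 255, so encode to UTF-8 bytes first.
  const bytes = new TextEncoder().encode(svgText);
  let binary = "";
  for (const b of bytes) binary += String.fromCharCode(b);
  return "data:image/svg+xml;base64," + btoa(binary);
}

// Escape a string for use inside a double-quoted HTML attribute value.
function escapeAttr(value) {
  return value
    .replace(/&/g, "&amp;") // must run first so later entities are not re-escaped
    .replace(/"/g, "&quot;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

// Option 2: keep the SVG interactive-looking but isolated, in an iframe whose
// sandbox attribute is empty. An empty sandbox applies every restriction:
// scripts are disabled and the frame gets a unique opaque origin, so even a
// handler that somehow ran could not reach the parent origin's storage.
function svgToSandboxedFrame(svgText) {
  return `<iframe sandbox="" srcdoc="${escapeAttr(svgText)}"></iframe>`;
}
```

In the browser the first helper's result is assigned to an img element's src; the second returns markup whose only untrusted part is an escaped attribute value.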
