| Title | Weights and Biases OpenUI <= 1.0 (commit f9d8f0e) Cross-Site Scripting (CWE-79) |
|---|
| Description | # Technical Details
An unauthenticated share creation/overwrite and stored cross-site scripting vulnerability exists in the `create_share` and `get_share` endpoints in `backend/openui/server.py` of Weights and Biases OpenUI.
The share endpoints (POST /v1/share/{id}) have no authentication middleware, so any unauthenticated actor can create, or overwrite, a shared component whose HTML contains arbitrary markup, including `<script>` tags. The HTMLAnnotator component (frontend/public/annotator/index.html) assigns this content directly to innerHTML and, because script elements inserted through innerHTML do not run on their own, re-creates them and appends them to document.body, where they do execute. Since the iframe is sandboxed with allow-same-origin, the injected script runs in the application's origin and can read parent.document.cookie, enabling session hijacking and account takeover.
# Vulnerable Code
File: backend/openui/server.py (lines 361-374)
Method: create_share() and get_share()
Why: there is no authentication check (unlike chat_completions, which verifies request.session.get("user_id")). The share id is attacker-controlled and no ownership check is performed, so an existing user's share can be overwritten by anyone. The HTML is stored without sanitization and rendered in an iframe that grants allow-same-origin.
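To make the missing checks concrete, the following is an added illustration written for this write-up, not OpenUI's own code: a framework-free share store that first reproduces the behaviour described above (no session check, caller-chosen id, silent overwrite) and then a hardened variant that requires a logged-in user, lets the server choose an unguessable id, and refuses to overwrite a share owned by someone else. `Session`, `ShareStore`, the error types and the sample payload are assumptions for this example only.

```python
"""Added example, not from the OpenUI code base.

Two minimal share stores: one mirroring the vulnerable behaviour the advisory
describes, one hardened. All class and field names are assumptions.
"""
import secrets
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Session:
    """Stand-in for request.session; user_id is None when nobody is logged in."""
    user_id: Optional[str] = None


class AuthError(Exception):
    """Raised when an anonymous caller hits a share endpoint."""


class ForbiddenError(Exception):
    """Raised when a caller tries to overwrite someone else's share."""


@dataclass
class VulnerableShareStore:
    """Behaviour as described in the advisory: no auth, caller picks the id."""
    shares: dict = field(default_factory=dict)

    def create_share(self, session: Session, share_id: str, payload: dict) -> str:
        # No session check, no ownership check: any existing share with this
        # id is silently replaced by whatever the caller sent.
        self.shares[share_id] = dict(payload)
        return share_id

    def get_share(self, share_id: str) -> Optional[dict]:
        return self.shares.get(share_id)


@dataclass
class HardenedShareStore:
    """Same API with the three missing checks added."""
    shares: dict = field(default_factory=dict)

    def create_share(self, session: Session, payload: dict,
                     share_id: Optional[str] = None) -> str:
        # 1. Require a logged-in user, the same check chat_completions performs.
        user_id = session.user_id
        if user_id is None:
            raise AuthError("login required")
        # 2. Never trust a caller-chosen id for a new share; pick a random one.
        if share_id is None:
            share_id = secrets.token_urlsafe(16)
        # 3. Only the owner may overwrite an existing share.
        existing = self.shares.get(share_id)
        if existing is not None and existing["owner"] != user_id:
            raise ForbiddenError("share belongs to another user")
        self.shares[share_id] = {"owner": user_id, **payload}
        return share_id

    def get_share(self, share_id: str) -> Optional[dict]:
        return self.shares.get(share_id)


def demo() -> dict:
    """Run both stores against the same actors; returns booleans for checking."""
    anon, alice, bob = Session(), Session("alice"), Session("bob")
    benign = {"prompt": "Hi", "name": "ok", "html": "<p>hello</p>"}  # constructed
    evil = {"prompt": "Test", "name": "Evil",                          # constructed
            "html": "<script>console.log(parent.document.cookie)</script>"}

    vuln = VulnerableShareStore()
    vuln.create_share(alice, "poc-evil", benign)
    vuln.create_share(anon, "poc-evil", evil)        # anonymous overwrite succeeds
    vuln_overwritten = vuln.get_share("poc-evil")["html"] == evil["html"]

    hard = HardenedShareStore()
    try:
        hard.create_share(anon, evil)
        anon_blocked = False
    except AuthError:
        anon_blocked = True
    sid = hard.create_share(alice, benign)
    try:
        hard.create_share(bob, evil, share_id=sid)
        cross_user_blocked = False
    except ForbiddenError:
        cross_user_blocked = True
    hard.create_share(alice, benign, share_id=sid)   # owner may still update

    return {
        "vuln_anon_overwrite": vuln_overwritten,
        "hard_anon_blocked": anon_blocked,
        "hard_cross_user_blocked": cross_user_blocked,
        "hard_owner_kept": hard.get_share(sid)["owner"] == "alice",
        "hard_html_unchanged": hard.get_share(sid)["html"] == benign["html"],
    }


if __name__ == "__main__":
    print(demo())
```

The store is not where the HTML should be neutralised: even with these checks, a logged-in user can still publish a `<script>` tag. The rendering side has to treat shared HTML as untrusted, which in practice means an iframe sandbox that does not include allow-same-origin (so the content gets an opaque origin and cannot read parent.document.cookie) and, ideally, a separate origin for shared content.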
# Reproduction
1. Create the malicious share (no login required): `curl -X POST http://localhost:7878/v1/share/poc-evil -H "Content-Type: application/json" -d '{"prompt":"Test","name":"Evil","html":"<script>console.log(parent.document.cookie)</script>"}'`
2. Send the victim the link: http://localhost:7878/ai/shared/poc-evil
3. When the victim opens the page, the script executes in the application's origin and reads parent.document.cookie (cookies flagged HttpOnly are not exposed to document.cookie, but the script still runs as the victim).
# Impact
- Stored XSS leading to account takeover via session cookie theft.
- Any user's shared component can be overwritten without authorization, since the id is attacker-chosen and no ownership check exists.
- Full session compromise for any user who visits the malicious share link. |
|---|
| Source | https://gist.github.com/YLChen-007/7b42be1da37af51a0cfba0866d100987 |
|---|
| User | Eric-b (UID 96354) |
|---|
| Submitted | 2026-03-12 02:44 AM (20 days ago) |
|---|
| Moderation | 2026-03-27 02:48 PM (16 days later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 353879 [wandb OpenUI up to 1.0 HTMLAnnotator backend/openui/server.py create_share/get_share id HTML injection] |
|---|
| Points | 20 |
|---|