| Title | Weights and Biases OpenUI <= 1.0 (commit f9d8f0e) Cross-Site Scripting (CWE-79) |
|---|
| Description | # Technical Details
A Stored XSS and Arbitrary Code Execution vulnerability exists in the annotator iframe (`frontend/public/annotator/index.html`) of Weights and Biases OpenUI.
LLM-generated HTML and JavaScript responses are rendered directly into a sandboxed iframe without any sanitization. The iframe sandbox configuration (`allow-same-origin allow-scripts`) negates isolation — injected scripts get full access to `parent.document.cookie` and `parent.localStorage`. The annotator uses `wrapper.innerHTML = event.data.html` (line 566) and dynamically creates script elements (lines 591-598). No DOMPurify or origin validation exists. A malicious or compromised LLM provider can achieve session hijacking and account takeover.
# Vulnerable Code
File: `frontend/public/annotator/index.html` (lines 566, 591-598, 515)
Method: Window message event handler
Why: `wrapper.innerHTML` assigns unsanitized HTML. Script elements are dynamically created and appended to `document.body`. The iframe uses `allow-same-origin` + `allow-scripts` (documented anti-pattern). No `event.origin` check on the message handler.
# Reproduction
1. Run a malicious LLM server that returns HTML with `<script>` tags in SSE stream.
2. Configure OpenUI to use the malicious server via `OPENAI_BASE_URL`.
3. Submit any prompt — injected script executes in iframe, accessing `parent.document.cookie`.
# Impact
- Session hijacking via `parent.document.cookie` access.
- Data exfiltration from `parent.localStorage` and `sessionStorage`.
- Persistent compromise: malicious UIs stored and re-rendered on revisit. |
|---|
| Source | ⚠️ https://gist.github.com/YLChen-007/899f210b2d78e163d13561bb7f49b4da |
|---|
| User | Eric-b (UID 96354) |
|---|
| Submit | 2026. 03. 12. AM 02:52 (18 days ago) |
|---|
| Moderation | 2026. 03. 27. PM 02:48 (15 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 353882 [wandb OpenUI up to 1.0 Window Message Event index.html cross site scripting] |
|---|
| Points | 20 |
|---|
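
The description names three missing controls: an `event.origin` check, sanitization before the `innerHTML` sink, and a sandbox that does not combine `allow-scripts` with `allow-same-origin`. The sketch below is an added example showing those checks, not OpenUI code or a project patch; the function names, the `https://app.example` origin and the sample messages are assumptions, and `escapeHtml` is a stand-in for `DOMPurify.sanitize` so the block runs under Node.

```javascript
// Added example; all names here are hypothetical, not taken from OpenUI.

// True when the sandbox still isolates the frame. allow-scripts together with
// allow-same-origin is the combination the report flags as negating isolation.
function sandboxIsIsolating(sandboxAttr) {
  const tokens = new Set(sandboxAttr.toLowerCase().split(/\s+/).filter(Boolean));
  return !(tokens.has('allow-scripts') && tokens.has('allow-same-origin'));
}

// Stand-in sanitizer so the example runs offline: escapes all markup.
// In a browser, pass DOMPurify.sanitize to makeMessageHandler instead.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, c => map[c]);
}

// Message handler factory: validates sender origin and payload shape, then
// sanitizes before the markup reaches the render sink (innerHTML in the report).
function makeMessageHandler({ trustedOrigin, sanitize, render }) {
  return function onMessage(event) {
    if (event.origin !== trustedOrigin) return 'rejected:origin';
    const data = event.data;
    if (!data || typeof data.html !== 'string') return 'rejected:shape';
    render(sanitize(data.html));
    return 'rendered';
  };
}

// Constructed sample messages (not captured traffic).
function runDemo() {
  const rendered = [];
  const onMessage = makeMessageHandler({
    trustedOrigin: 'https://app.example', // hypothetical parent origin
    sanitize: escapeHtml,
    render: html => rendered.push(html),
  });
  const results = [
    onMessage({ origin: 'https://other.example', data: { html: '<b>x</b>' } }),
    onMessage({ origin: 'https://app.example', data: { html: 42 } }),
    onMessage({ origin: 'https://app.example', data: { html: '<script>1</script>' } }),
  ];
  return { results, rendered };
}
```

In the browser the handler would be registered with `window.addEventListener('message', onMessage)` and `render` would assign to the wrapper element.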