Submission #782170: Mario Zechner pi-mono 0.58.4 SVG Artifact Stored XSS Leading to Credential Theft

Title: Mario Zechner pi-mono 0.58.4 SVG Artifact Stored XSS Leading to Credential Theft
Description: A stored Cross-Site Scripting (XSS) vulnerability exists in the SVG artifact rendering component of @mariozechner/pi-web-ui. When the LLM generates an SVG artifact, the content is rendered directly into the parent page's DOM with the Lit unsafeHTML() directive and no sanitization (no DOMPurify, no allowlist filtering, no iframe sandboxing). HTML artifacts, by contrast, are isolated inside sandboxed <iframe> elements (sandbox="allow-scripts allow-modals"); SVG artifacts are rendered inline in the main application context using light DOM (createRenderRoot() { return this; }). JavaScript embedded in SVG event handlers (e.g. onload, onerror, onclick) therefore executes with full access to the parent page's origin, including document.cookie, localStorage and IndexedDB.

The XSS is chained with a second weakness: LLM provider API keys (Anthropic, OpenAI, Google, etc.) are stored as plaintext strings in the browser's IndexedDB without encryption. An XSS payload can read every stored API key and exfiltrate it to an attacker-controlled server. The combined effect is theft of all configured LLM provider API keys, authentication tokens and chat session history, triggered by a single malicious SVG artifact that the LLM is manipulated into generating via prompt injection.
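The two render paths the description contrasts, as an added example in plain JavaScript (not code from pi-mono or pi-web-ui; Lit is left out so it runs under Node): renderSvgInline() stands in for the unsafeHTML() light-DOM path, renderSvgSandboxed() puts the SVG behind the same kind of sandboxed iframe the description says HTML artifacts already get, and findActiveContent() is a pre-render check that names the sinks the description lists (on* handlers, script/foreignObject elements, javascript: and data: URLs, including entity-encoded ones and SMIL animation of href). The function names, the sample SVG documents and the CSP placed inside the frame are this example's own constructions.

```javascript
// Added example (not pi-mono / pi-web-ui code): the inline render path the
// advisory describes, a sandboxed alternative, and a pre-render check for
// the active-content sinks it names. Sample SVG documents are constructed.

const ACTIVE_TAGS = new Set(['script', 'foreignobject', 'iframe', 'object', 'embed']);
// href/src/data carry URLs; to/from/values are SMIL attributes that can
// animate href to a javascript: URL (<set attributeName="href" to="...">).
const URL_ATTRS = new Set(['href', 'xlink:href', 'src', 'data', 'to', 'from', 'values']);
// Matches a start tag and its attribute string. The separator class [\s\/]
// means "<svg/onload=...>" (no whitespace) is still parsed.
const TAG_RE = /<([a-zA-Z][\w:.-]*)((?:[\s\/]+[^\s=\/>]+(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s"'>]+))?)*)[\s\/]*>/g;
const ATTR_RE = /([^\s=\/>]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
// A scheme at the start of the value, or after ';' inside a SMIL values list.
const SCHEME_RE = /(?:^|;)(?:javascript|data):/;

// Undo the entity encoding and embedded whitespace/control characters that
// browsers tolerate in a URL scheme but a naive startsWith() would miss.
function normalizeUrl(value) {
  const cp = (n) => (n <= 0x10ffff ? String.fromCodePoint(n) : '');
  const named = { colon: ':', tab: '\t', newline: '\n' };
  return value
    .replace(/&#x([0-9a-f]+);?/gi, (_, h) => cp(parseInt(h, 16)))
    .replace(/&#(\d+);?/g, (_, d) => cp(parseInt(d, 10)))
    .replace(/&(colon|tab|newline);/gi, (_, n) => named[n.toLowerCase()])
    .replace(/[\u0000-\u0020]/g, '')
    .toLowerCase();
}

// Returns one string per finding; an empty array means nothing active was seen.
function findActiveContent(svg) {
  const findings = [];
  for (const m of svg.matchAll(TAG_RE)) {
    const tag = m[1].toLowerCase();
    if (ACTIVE_TAGS.has(tag)) findings.push(`element <${tag}>`);
    for (const a of m[2].matchAll(ATTR_RE)) {
      const name = a[1].toLowerCase();
      const value = a[2] ?? a[3] ?? a[4] ?? '';
      if (name.startsWith('on')) {
        findings.push(`event handler ${name} on <${tag}>`);
      } else if (URL_ATTRS.has(name) && SCHEME_RE.test(normalizeUrl(value))) {
        findings.push(`script or data URL in ${name} on <${tag}>`);
      }
    }
  }
  return findings;
}

// The vulnerable path: the artifact string is handed back for direct
// insertion into the app's own DOM, so every handler runs in its origin.
function renderSvgInline(svg) {
  return svg;
}

function escapeAttr(s) {
  return s.replace(/&/g, '&amp;').replace(/"/g, '&quot;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
}

// The hardened path: a sandboxed iframe without allow-same-origin, so the
// frame's origin is opaque and the parent's document.cookie, localStorage
// and IndexedDB are out of reach. The meta CSP additionally blocks scripts
// and outbound requests inside the frame (a static SVG needs neither).
function renderSvgSandboxed(svg) {
  const csp = '<meta http-equiv="Content-Security-Policy" content="default-src \'none\'; style-src \'unsafe-inline\'">';
  return `<iframe sandbox="" referrerpolicy="no-referrer" srcdoc="${escapeAttr(csp + svg)}"></iframe>`;
}

// Constructed samples: the shape of payload the advisory describes, and a
// plain icon that must pass.
const EVIL_SVG =
  '<svg xmlns="http://www.w3.org/2000/svg" onload="alert(document.cookie)">' +
  '<a xlink:href="&#106;avascript:alert(1)"><text>x</text></a>' +
  '<set attributeName="href" to="javascript:alert(2)"/></svg>';
const BENIGN_SVG =
  '<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10">' +
  '<path d="M0 0h10v10H0z" fill="#0f0"/></svg>';

for (const [label, svg] of [['evil', EVIL_SVG], ['benign', BENIGN_SVG]]) {
  console.log(label, findActiveContent(svg));
}
console.log(renderSvgSandboxed(EVIL_SVG));
```

The check is a triage aid, not the fix: string-level SVG inspection is subject to parser differentials, so the sandboxed frame (or DOMPurify with its SVG profile) is what actually removes the origin access. data: URLs are flagged wholesale, which also catches legitimate embedded raster images in <image>; relax that if such artifacts are expected. The empty sandbox attribute is what keeps the frame's origin opaque: never add allow-same-origin, and add allow-scripts only if SVG scripting is genuinely required.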
Source: https://github.com/August829/CVEP/issues/20
User: Yu Bao (UID 88956)
Submitted: 2026-03-18 08:22 AM (20 days ago)
Moderation: 2026-04-04 08:35 AM (17 days later)
Status: Accepted
VulDB Entry: 355286 [badlogic pi-mono 0.58.4 SVG Artifact SvgArtifact.ts cross site scripting]
Points: 20