Submeter #778267: Weights and Biases OpenUI <= 1.0 (commit f9d8f0e) Cross-Site Scripting (CWE-79)informação

TítuloWeights and Biases OpenUI <= 1.0 (commit f9d8f0e) Cross-Site Scripting (CWE-79)
Descrição# Technical Details A Stored XSS and Arbitrary Code Execution vulnerability exists in the annotator iframe (`frontend/public/annotator/index.html`) of Weights and Biases OpenUI. LLM-generated HTML and JavaScript responses are rendered directly into a sandboxed iframe without any sanitization. The iframe sandbox configuration (allow-same-origin allow-scripts) negates isolation — injected scripts get full access to parent.document.cookie and parent.localStorage. The annotator uses wrapper.innerHTML = event.data.html (line 566) and dynamically creates script elements (lines 591-598). No DOMPurify or origin validation exists. A malicious or compromised LLM provider can achieve session hijacking and account takeover. # Vulnerable Code File: frontend/public/annotator/index.html (lines 566, 591-598, 515) Method: Window message event handler Why: wrapper.innerHTML assigns unsanitized HTML. Script elements are dynamically created and appended to document.body. The iframe uses allow-same-origin + allow-scripts (documented anti-pattern). No event.origin check on the message handler. # Reproduction 1. Run a malicious LLM server that returns HTML with <script> tags in SSE stream. 2. Configure OpenUI to use the malicious server via OPENAI_BASE_URL. 3. Submit any prompt — injected script executes in iframe, accessing parent.document.cookie. # Impact - Session hijacking via parent.document.cookie access. - Data exfiltration from parent.localStorage and sessionStorage. - Persistent compromise: malicious UIs stored and re-rendered on revisit.
Fonte⚠️ https://gist.github.com/YLChen-007/899f210b2d78e163d13561bb7f49b4da
Utilizador
 Eric-b (UID 96354)
Submissão12/03/2026 02h52 (há 18 dias)
Moderação27/03/2026 14h48 (15 days later)
EstadoAceite
Entrada VulDB353882 [wandb OpenUI até 1.0 Window Message Event index.html Script de Site Cruzado]
Pontos20

VoltarVisão GeralPróximo

Want to know what is going to be exploited?

We predict KEV entries!