NextChat Cross-Site Scripting Vulnerability in HTML Preview Component

Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in NextChat version 2.16.0, specifically within the HTMLPreview component of artifacts.tsx. This vulnerability allows attackers to execute arbitrary JavaScript when HTML content is displayed in the AI chat interface. The issue arises because user-influenced HTML from AI responses is rendered in an iframe with the 'allow-scripts' sandbox permission, without proper sanitization. Exploitation can occur through carefully crafted prompts that lead the AI to generate malicious HTML or JavaScript. Once a user views the HTML preview, the injected JavaScript executes in their browser context, potentially enabling attackers to exfiltrate sensitive information, such as API keys from localStorage, perform actions on behalf of the user, and steal session data. Additionally, this vulnerability can function as a stored XSS: an attacker can share the chat link, which replays the history and triggers the same payload for each viewer.

Impact

Exploitation of this vulnerability allows for cross-site scripting, where injected JavaScript is executed in the context of the user's browser. This could lead to exfiltration of sensitive information, such as API keys stored in localStorage, and unauthorized actions on behalf of the user. The vulnerability can also be exploited through shared chat links, creating a stored XSS effect.

Reproduction

To reproduce this vulnerability, first create a prompt that encourages the AI to generate HTML content. The prompt should be crafted so that the generated HTML includes JavaScript code. Once the AI responds, the generated HTML is rendered in the HTMLPreview component. When the preview is opened, the injected JavaScript executes, demonstrating the cross-site scripting vulnerability. The resulting chat can also be shared via the application's chat link feature, triggering the payload for anyone who opens the shared link.
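As an added defensive example (not NextChat's own code), the following JavaScript audits the sandbox attribute of a preview iframe like the one described above and builds a hardened one; the function names and the srcdoc-based rendering are assumptions.

```javascript
// Added example, not code from NextChat: guard the sandbox of an iframe that
// renders untrusted, AI-generated HTML (the HTMLPreview pattern above).
// Function names and the srcdoc-based rendering are assumptions.

// Sandbox tokens that a read-only preview of untrusted HTML never needs.
const UNNEEDED_TOKENS = [
  "allow-same-origin",
  "allow-top-navigation",
  "allow-top-navigation-by-user-activation",
  "allow-popups",
  "allow-forms",
  "allow-modals",
];

function parseSandbox(attr) {
  return new Set(attr.trim().split(/\s+/).filter(Boolean));
}

// Returns a list of findings; an empty list means the attribute is acceptable.
function auditSandbox(attr) {
  const tokens = parseSandbox(attr);
  const findings = [];
  if (tokens.has("allow-scripts") && tokens.has("allow-same-origin")) {
    // Scripts in the frame then run in the embedding app's origin and can
    // read its localStorage (e.g. API keys) and call its endpoints as the user.
    findings.push("allow-scripts combined with allow-same-origin defeats the sandbox");
  }
  for (const t of UNNEEDED_TOKENS) {
    if (tokens.has(t)) findings.push(`${t} is not needed for a read-only preview`);
  }
  return findings;
}

// Hardened default: no scripts at all. If the feature genuinely needs them,
// grant allow-scripts alone, so the frame does not run in the app's origin.
function hardenedSandbox(needScripts = false) {
  return needScripts ? "allow-scripts" : "";
}

// Builds the preview frame (browser only); srcdoc keeps the HTML inline.
function renderPreview(html, needScripts = false) {
  const iframe = document.createElement("iframe");
  iframe.setAttribute("sandbox", hardenedSandbox(needScripts));
  iframe.setAttribute("referrerpolicy", "no-referrer");
  iframe.srcdoc = html;
  return iframe;
}

// Constructed sample: a permissive value versus the hardened one.
console.log(auditSandbox("allow-scripts allow-same-origin allow-popups"));
console.log(auditSandbox(hardenedSandbox(true))); // []
```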

Added: Aug 22, 2025, 4:25 PM
Updated: Aug 22, 2025, 6:54 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 3.5
exploitability: 5.8
remediation: 0.0
relevance: 0.4
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.