Promptcraft Forge Studio Input Sanitization Flaw Leading to Cross-Site Scripting

A cross-site scripting (XSS) vulnerability exists in all versions of Promptcraft Forge Studio, a toolkit for managing LLM-powered applications. The issue arises from the application's input sanitization process, which employs regex blacklists to remove potentially harmful content. However, this method is flawed, as it only removes one occurrence of a multi-character token at a time. This can create overlapping patterns that allow executable payloads to persist, particularly when the sanitized output is used in href or src attributes, or injected into the DOM.

Impact

Exploitation of this vulnerability allows for arbitrary execution of JavaScript in the context of the application's origin, which could lead to token theft or unauthorized actions as the user. The vulnerability typically requires user interaction, such as clicking a link or rendering the crafted content.

Reproduction

The vulnerability can be reproduced by inputting a string that contains overlapping patterns of the tokens targeted by the sanitization regexes. For example, a string like 'javajavascript:script:' would not be properly sanitized, as the first replacement leaves behind a dangerous 'javascript:' token. Similarly, a string like 'dadata:text/htmlta:text/html' would also bypass the sanitization, allowing for the execution of a payload if the resulting string is used in a href or src attribute, or injected into the DOM using innerHTML or dangerouslySetInnerHTML.

Remediation

Users are advised to employ a reliable sanitization library, such as DOMPurify for browser applications or sanitize-html for Node.js environments. If regex-based sanitization is preferred, it is important to repeatedly apply the replacements until the string no longer changes, or to switch to character-level filtering. Additionally, untrusted strings should not be passed to dangerouslySetInnerHTML, and safe URLs should be whitelisted when creating href or src values.