DeepChat Stored Cross-Site Scripting Vulnerability in Mermaid Renderer Escalating to Remote Code Execution
Vulnerability
A stored cross-site scripting vulnerability has been identified in DeepChat versions through 0.5.0, specifically within the Mermaid diagram renderer. This vulnerability allows an attacker to execute arbitrary JavaScript in the application context. The issue arises because the renderer uses innerHTML to display Mermaid content, enabling the execution of malicious scripts embedded in the diagram syntax. Furthermore, the exposed Electron IPC bridge can be leveraged to escalate this XSS vulnerability to remote code execution by registering and starting a malicious MCP server.
Impact
Exploitation of this vulnerability allows for remote code execution on the affected user's machine, with any executed commands running in the context of the user.
Reproduction
To reproduce this vulnerability, inject a prompt that includes a crafted Mermaid diagram. The diagram should contain a JavaScript payload, such as an image tag with an onerror event, which executes a script using the Electron IPC renderer to invoke a method that registers and starts a malicious MCP server. Once the server is running, it can execute arbitrary commands on the system, such as opening the Windows Calculator.
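The escalation described above depends on page script being able to reach a process-spawning method through the IPC bridge. The following is an added example, not DeepChat's code, of a main-process gate that allowlists renderer-callable methods and requires main-process user consent before anything that registers or starts an MCP server; the method names, the `app://deepchat` origin and the `confirmFn` callback are assumptions made for illustration.

```javascript
// Added example, not DeepChat code. Method names, origin and the confirm
// callback are hypothetical; in Electron this logic would sit inside an
// ipcMain.handle() callback in the main process.
const TRUSTED = { protocol: 'app:', host: 'deepchat' }; // assumed UI origin

// Renderer-callable methods and whether each needs explicit user consent.
const POLICY = new Map([
  ['conversation.list', { confirm: false }],
  ['mcp.addServer', { confirm: true }],
  ['mcp.startServer', { confirm: true }],
]);

function authorizeIpcCall(req, confirmFn) {
  let url;
  try {
    url = new URL(req.senderUrl);
  } catch {
    return { allowed: false, reason: 'bad-sender' };
  }
  if (url.protocol !== TRUSTED.protocol || url.host !== TRUSTED.host) {
    return { allowed: false, reason: 'untrusted-sender' };
  }
  const rule = POLICY.get(req.method);
  if (!rule) return { allowed: false, reason: 'method-not-allowlisted' };
  // Script injected into the trusted page passes the checks above, so
  // process-spawning methods also need consent collected by the main process
  // (a native dialog showing the exact command), which page script cannot click.
  if (rule.confirm && !confirmFn(req.method, req.args)) {
    return { allowed: false, reason: 'user-declined' };
  }
  return { allowed: true, reason: 'ok' };
}

// Constructed sample requests.
const fromUi = { senderUrl: 'app://deepchat/index.html', method: 'conversation.list', args: [] };
const startMcp = { senderUrl: 'app://deepchat/index.html', method: 'mcp.startServer', args: ['example-server'] };
const deny = () => false; // stands in for the user clicking "Cancel"

console.log(authorizeIpcCall(fromUi, deny));
console.log(authorizeIpcCall(startMcp, deny));
```

This gate limits what an XSS can reach; the renderer still needs to stop passing diagram content to `innerHTML` unsanitized.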
