parisneo Lollms Stored Cross-Site Scripting Vulnerability in Prompt Sharing

Vulnerability

A stored cross-site scripting vulnerability has been identified in the latest version of parisneo Lollms, specifically within the POST /api/prompts/share endpoint. This vulnerability arises because the endpoint allows attacker-controlled prompt content to be stored in the DBDirectMessage.content field without any server-side sanitization. When a victim accesses the direct message thread, the content is rendered by the DM user interface using MessageContentRenderer, which employs v-html to insert HTML into the DOM. The frontend sanitizer, based on regular expressions, fails to adequately cleanse attacker-controlled HTML, permitting malicious payloads to execute in the context of the victim's browser. As a result, any authenticated user can send a harmful prompt-sharing message to another user's inbox, leading to the execution of arbitrary JavaScript, authenticated actions on behalf of the victim, exposure of same-origin application data, and potential account takeover.

Impact

Exploitation of this vulnerability allows for stored JavaScript execution in the context of the victim's application origin. This could enable an attacker to perform authenticated actions as the victim, access same-origin application data available to the frontend, and potentially compromise the victim's account.

Reproduction

To reproduce this vulnerability, an authenticated user can send a malicious prompt-share direct message to another user. The payload, which can include JavaScript execution commands such as image tags with event handlers, will be executed when the victim opens the direct message conversation.

Added: Jul 18, 2026, 9:24 PM
Updated: Jul 18, 2026, 9:24 PM

Vulnerability Rating

Custom Algorithm
spread
0.0
impact
1.7
exploitability
6.3
remediation
0.0
relevance
9.9
threat
6.4
urgency
2.9
incentive
0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.