MaxKB Stored Cross-Site Scripting Vulnerability in Markdown Rendering Component
Vulnerability
A stored cross-site scripting vulnerability has been identified in MaxKB, an open-source AI assistant for enterprise, in versions through 2.7.1. This vulnerability allows authenticated users to inject arbitrary HTML and JavaScript into the Application prologue field by enclosing malicious payloads in <html_rander> tags. The issue arises because the backend does not properly sanitize or encode HTML entities in the prologue when applications are created or updated via the /admin/api/workspace/{workspace_id}/application endpoint. As a result, the raw payload is stored in the database and later rendered on the frontend using an innerHTML-equivalent mechanism, trusting <html_rander>-wrapped content to be safe. This exploitation leads to persistent DOM-based stored XSS execution against any visitor who opens the affected chatbot interface, with potential consequences including session hijacking, unauthorized actions performed on behalf of victims, and exposure of sensitive data.
Impact
Exploitation of this vulnerability allows for session hijacking, execution of unauthorized actions on behalf of the victim, such as deleting workspaces or applications, and exposure of sensitive data.
Remediation
Users can upgrade to MaxKB version 2.8.0 to address this vulnerability.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.