MaxKB Stored Cross-Site Scripting Vulnerability in Iframe Rendering Component

Vulnerability

A stored cross-site scripting vulnerability has been identified in MaxKB, an open-source AI assistant for enterprise, affecting versions through 2.7.1. The issue arises in the frontend's MdRenderer.vue component, which improperly parses custom <iframe_render> tags from LLM responses or Application Prologue configurations. This parsing bypasses the standard Markdown sanitization and XSS filtering, so unsanitized HTML is passed to the IframeRender.vue component. That component renders the HTML directly into an <iframe> via the srcdoc attribute, with the sandbox attribute set to 'allow-scripts allow-same-origin'. Because the embedded document may both run scripts and share the parent page's origin, injected scripts are not confined by the iframe and can reach the parent document through window.parent, executing JavaScript in the parent window. Since the Prologue is rendered for every user who opens an application's chat interface, this is a high-impact stored XSS that can lead to session hijacking, unauthorized actions, and exposure of sensitive data.
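The configuration problem described above is the combination of the two sandbox tokens, not srcdoc rendering as such. The following is an added example, not MaxKB code: a small check that parses an iframe's sandbox attribute and flags the combination the advisory describes, alongside a builder that shows the weak configuration next to a hardened one that omits allow-same-origin. All function names and the sample iframe list are constructed for illustration and do not correspond to MaxKB identifiers or markup.

```javascript
// Added example (not MaxKB project code). Function names and sample data
// below are hypothetical, constructed for this illustration.

// Parse an HTML `sandbox` attribute value into a set of lower-cased tokens.
// Returns null when the attribute is absent, which means no sandboxing at all.
function parseSandboxTokens(sandboxValue) {
  if (sandboxValue === null || sandboxValue === undefined) {
    return null;
  }
  return new Set(
    String(sandboxValue).trim().toLowerCase().split(/\s+/).filter(Boolean)
  );
}

// True when the embedded document may run scripts AND shares the parent's
// origin. With both tokens present the sandbox no longer isolates the
// document from window.parent, which is the condition the advisory describes.
// A missing sandbox attribute is treated as reachable as well (no restrictions).
function sandboxAllowsParentAccess(sandboxValue) {
  const tokens = parseSandboxTokens(sandboxValue);
  if (tokens === null) {
    return true;
  }
  return tokens.has('allow-scripts') && tokens.has('allow-same-origin');
}

// Build the attribute set for an srcdoc iframe. The weak variant mirrors the
// advisory's configuration; the hardened variant drops allow-same-origin so the
// embedded document runs under an opaque origin and cannot touch the parent.
// `sanitize` is an assumed caller-supplied HTML sanitizer; the hardened path
// still runs untrusted HTML through it because the sandbox alone does not
// make the content itself trustworthy.
function buildIframeAttributes(html, { hardened, sanitize = (h) => h } = {}) {
  const sandbox = hardened
    ? 'allow-scripts'
    : 'allow-scripts allow-same-origin';
  const srcdoc = hardened ? sanitize(html) : html;
  return { srcdoc, sandbox, parentReachable: sandboxAllowsParentAccess(sandbox) };
}

// Review a list of iframe descriptors (for example collected from a rendered
// page by an automated check) and return the ids whose sandbox would let the
// embedded document reach the parent window.
function findEscapableIframes(iframes) {
  return iframes
    .filter((frame) => sandboxAllowsParentAccess(frame.sandbox))
    .map((frame) => frame.id);
}

// Constructed sample input, not real MaxKB markup.
const SAMPLE_IFRAMES = [
  { id: 'weak', sandbox: 'allow-scripts allow-same-origin' },
  { id: 'hardened', sandbox: 'allow-scripts' },
  { id: 'nosandbox', sandbox: null },
  { id: 'readonly', sandbox: '' },
];

// Stand-alone run: prints ['weak', 'nosandbox'].
console.log(findEscapableIframes(SAMPLE_IFRAMES));
```

Dropping allow-same-origin gives the srcdoc document an opaque origin, so its scripts cannot read or modify the parent page even if the HTML itself is still untrusted; the hardened path additionally keeps the content on the same sanitization route as ordinary Markdown rather than bypassing it.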

Impact

Exploitation of this vulnerability results in stored cross-site scripting: injected scripts execute in the browser of any user who visits the application's chat interface, potentially leading to session hijacking and unauthorized actions.

Remediation

Users can upgrade to MaxKB version 2.8.0 to address this vulnerability.

Added: Apr 14, 2026, 2:23 AM
Updated: Apr 14, 2026, 2:23 AM

Vulnerability Rating

Custom Algorithm

spread          0.0
impact          1.7
exploitability  6.4
remediation     0.0
relevance       5.9
threat          0.0
urgency         2.9
incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.