AnythingLLM Stored DOM-Based Cross-Site Scripting Vulnerability in Chart Captions

Vulnerability

A stored DOM-based cross-site scripting vulnerability has been identified in AnythingLLM versions prior to 1.12.1. The issue arises from an unsafe custom markdown renderer for images, which fails to properly HTML-encode the 'alt' text before interpolation into an image tag. This flaw is present in the 'Chartable' component, which renders chart captions without any sanitization. As a result, an attacker can manipulate the LLM's output to include malicious markdown that executes JavaScript in the context of the victim's browser. The vulnerability is particularly concerning in multi-user workspaces, where the injected script can affect all users accessing the same conversation.
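As an added example, not code from AnythingLLM, the interpolation flaw the advisory describes reduced to a string-building function, shown next to an attribute-encoding fix; the function names and the sample caption are assumptions constructed for illustration.

```javascript
// Added example (not AnythingLLM's code): the renderer pattern the advisory
// describes, next to an attribute-encoding fix. Names are assumed.

// Vulnerable pattern: the caption (alt text) is interpolated straight into
// the tag, so a quote or angle bracket in it lands in the markup unchanged
// and can close the attribute or the element.
function renderImageUnsafe(alt, src) {
  return `<img src="${src}" alt="${alt}" />`;
}

// Encode the characters that can change meaning inside an HTML attribute
// value. '&' is encoded first so already-encoded output is not re-encoded.
function encodeHtmlAttribute(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

// Fixed pattern: every interpolated value is encoded and the attribute is
// always double-quoted, so the caption cannot break out of the attribute.
// Encoding does not validate the URL scheme of src; that is a separate check.
function renderImageSafe(alt, src) {
  return `<img src="${encodeHtmlAttribute(src)}" alt="${encodeHtmlAttribute(alt)}" />`;
}

// Count '<' characters in a rendered fragment: a correctly rendered single
// image yields exactly one, the opener of the <img> tag itself.
function countTagOpeners(html) {
  return (html.match(/</g) || []).length;
}

// Constructed caption containing only the attribute-breaking characters
// (quote and angle brackets); it carries no script.
const CONSTRUCTED_CAPTION = 'Sales "Q1" <by region>';

console.log(renderImageUnsafe(CONSTRUCTED_CAPTION, "chart.png"));
console.log(renderImageSafe(CONSTRUCTED_CAPTION, "chart.png"));
```

The unsafe output contains a second '<' introduced by the caption, while the safe output contains only the tag's own opener.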

Impact

Exploitation of this vulnerability leads to stored DOM-based cross-site scripting, where injected scripts are executed in the context of the user viewing the affected chat. This could result in unauthorized access to the user's AnythingLLM account, including sensitive data and administrative privileges, especially if the victim is an admin.

Reproduction

To reproduce this vulnerability, upload a document to a shared workspace that includes a prompt injection instructing the LLM to add a specific caption to a chart. Once the chart is created, the injected JavaScript will execute when the conversation is opened by any user.

Remediation

Users can update to AnythingLLM version 1.12.1 or later, where this vulnerability has been patched.

Added: Apr 24, 2026, 4:24 AM
Updated: Apr 24, 2026, 4:24 AM

Vulnerability Rating

Custom Algorithm

  spread          0.0
  impact          1.7
  exploitability  5.4
  remediation     7.7
  relevance       6.5
  threat          6.4
  urgency         2.9
  incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.