CVE-2026-12228
Received Received - Intake

Stored XSS in Lollms AI Application

Vulnerability report for CVE-2026-12228, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-18

Last updated on: 2026-07-18

Assigner: huntr.dev

Description

A stored cross-site scripting (XSS) vulnerability exists in the `POST /api/prompts/share` endpoint of parisneo/lollms (latest version). The endpoint stores attacker-controlled `prompt_content` into `DBDirectMessage.content` without server-side sanitization. When a victim opens the direct message (DM) thread, the message is rendered by the DM UI through `MessageContentRenderer`, which uses `v-html` to insert rendered HTML into the DOM. The frontend sanitizer, which is regex-based, fails to comprehensively sanitize attacker-controlled HTML, allowing malicious payloads to execute in the victim's browser context. This vulnerability enables any authenticated user to send a malicious prompt-share message to another user's inbox, leading to arbitrary JavaScript execution, authenticated actions as the victim, exposure of same-origin application data, and potential account takeover.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-18
Last Modified
2026-07-18
Generated
2026-07-19
AI Q&A
2026-07-19
EPSS Evaluated
N/A
NVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
parisneo lollms *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This is a stored cross-site scripting (XSS) vulnerability in the parisneo/lollms application. It allows an attacker to inject malicious scripts into a victim's browser by sending a specially crafted message through the POST /api/prompts/share endpoint. The message is stored without proper sanitization and later rendered unsafely using v-html in the DM UI, enabling arbitrary JavaScript execution.

Detection Guidance

To detect this vulnerability, inspect HTTP requests to the /api/prompts/share endpoint for unsanitized prompt_content parameters. Check DM content in the database for stored HTML/JS payloads. Review frontend logs for v-html usage in MessageContentRenderer.

Impact Analysis

If exploited, this vulnerability could allow an attacker to execute arbitrary JavaScript in your browser when you view the malicious message. This could lead to actions being performed on your behalf, exposure of sensitive data, or even complete account takeover.

Compliance Impact

This vulnerability could lead to unauthorized access to sensitive data, including personal or health information, which may violate GDPR and HIPAA compliance requirements. The stored XSS allows attackers to execute arbitrary scripts in a victim's browser, potentially exposing or manipulating regulated data.

Mitigation Strategies

Immediately update to the latest version of parisneo/lollms if a patch exists. Implement server-side HTML sanitization for prompt_content before storing in DBDirectMessage.content. Replace v-html with a secure rendering method in MessageContentRenderer.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-12228. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart