Threat Feed
Severity: high

Typebot Stored XSS via Rating Block Custom Icon

Typebot is vulnerable to stored cross-site scripting (XSS) due to the rating block's custom icon feature, which accepts arbitrary HTML/SVG via the `customIcon.svg` field without sanitization. When a malicious typebot is imported or crafted by a workspace collaborator, the payload executes in the builder's DOM context, bypassing the `isUnsafe` Web Worker sandbox that protects Script blocks during preview, allowing session hijacking and privilege escalation within the builder application.

Typebot is vulnerable to a stored cross-site scripting (XSS) vulnerability in the rating block’s custom icon feature. The vulnerability stems from the lack of sanitization of the customIcon.svg field, which allows attackers to inject arbitrary HTML/SVG code. This code executes within the builder’s DOM context, bypassing the isUnsafe Web Worker sandbox designed to protect against untrusted bots during preview. An attacker can exploit this by crafting a malicious typebot or by compromising a workspace collaborator account. Successful exploitation leads to session hijacking and privilege escalation within the builder application. This issue affects versions of @typebot.io/js prior to 0.10.1.

Attack Chain

  1. An attacker crafts a malicious typebot JSON file containing a rating block whose custom icon carries an XSS payload in the customIcon.svg field.
  2. The attacker distributes the malicious typebot file through community forums, template marketplaces, or direct sharing with potential victims.
  3. A victim imports the malicious typebot into their workspace within the Typebot builder application.
  4. The victim previews the imported bot in the builder application, triggering the rendering of the malicious rating block.
  5. The injected XSS payload within the customIcon.svg field executes directly in the builder’s DOM, bypassing the isUnsafe Web Worker sandbox.
  6. The XSS payload exfiltrates the victim’s session cookies and authentication tokens from the builder origin (builder.typebot.io).
  7. The attacker uses the stolen session tokens to gain unauthorized access to the victim’s Typebot workspace.
  8. The attacker can then modify bots, access integrations, and view collected data, leading to account takeover and further malicious activities.

Impact

Successful exploitation of this XSS vulnerability can lead to session hijacking, privilege escalation, and account takeover within the Typebot builder application. An attacker can steal authentication cookies and session tokens, allowing them to access and modify the victim’s workspace, including bots, integrations, and collected data. This can have severe consequences, including data breaches, unauthorized access to sensitive information, and disruption of normal business operations. The lack of sanitization in the rating block bypasses the existing isUnsafe sandbox, making imported and untrusted bots a significant security risk.

Recommendation

  • Apply DOMPurify sanitization to the customIcon.svg content within the RatingButton component in packages/embeds/js/src/features/blocks/inputs/rating/components/RatingForm.tsx to neutralize any malicious HTML/SVG code.
  • Implement SVG-specific validation in the Zod schema or within the sanitizeBlock function in apps/builder/src/features/typebot/helpers/sanitizers.ts to prevent the storage of malicious content.
  • Audit other usages of innerHTML within the codebase, such as in FileUploadForm.tsx:234, for similar XSS vulnerabilities and implement appropriate sanitization measures.
  • Deploy the Sigma rule “Detect Typebot Rating Block XSS Attempt” to identify potential exploitation attempts targeting the custom icon feature.
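An added example, not Typebot's own code, of the pre-storage check the second recommendation calls for: a fail-closed allowlist validator for `customIcon.svg`, plus a `sanitizeBlock`-style pass that drops an icon that fails it so the block is stored without the payload. The element and attribute allowlists and the `block.options.customIcon` object shape are assumptions made for this example; in the browser this would sit alongside, not replace, DOMPurify on render.

```javascript
// Example code, not Typebot's: a strict allowlist check for a rating block's
// customIcon.svg. Anything the check cannot positively vouch for is rejected.
// The allowlists below are assumptions chosen for this example.
const ALLOWED_TAGS = new Set([
  "svg", "g", "path", "circle", "ellipse", "rect", "line", "polyline",
  "polygon", "title", "desc", "defs", "lineargradient", "stop",
]);
const ALLOWED_ATTRS = new Set([
  "xmlns", "viewbox", "width", "height", "fill", "stroke", "stroke-width",
  "stroke-linecap", "stroke-linejoin", "d", "cx", "cy", "r", "rx", "ry", "x",
  "y", "x1", "y1", "x2", "y2", "points", "transform", "opacity", "id",
  "class", "offset", "stop-color",
]);
// Matches one plain start or end tag. Comments, CDATA, processing
// instructions, doctypes and stray angle brackets are not matched and so
// survive into the leftover text, which causes rejection below.
const TAG_RE = /<\/?\s*([A-Za-z][\w:-]*)((?:\s+[^\s=>]+(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s>]+))?)*)\s*\/?>/g;
const ATTR_RE = /([^\s=]+)(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s>]+))?/g;

function isSafeSvgIcon(svg) {
  if (typeof svg !== "string" || svg.length > 20000) return false;
  // No character references at all: rules out encoded "<" and "javascript:".
  if (svg.includes("&")) return false;
  let ok = true;
  const leftover = svg.replace(TAG_RE, (_whole, name, attrs) => {
    if (!ALLOWED_TAGS.has(name.toLowerCase())) ok = false;
    for (const [, attrName] of attrs.matchAll(ATTR_RE)) {
      // on* handlers, href/xlink:href, style, src are simply not on the list.
      if (!ALLOWED_ATTRS.has(attrName.toLowerCase())) ok = false;
    }
    return "";
  });
  if (/[<>]/.test(leftover)) ok = false; // unparsed markup left behind
  return ok && /^<svg[\s>]/i.test(svg.trim());
}

// A sanitizeBlock-style pass (block shape assumed): drop an unsafe icon so
// the block is stored without it and falls back to the default rendering.
function sanitizeRatingBlock(block) {
  const svg = block?.options?.customIcon?.svg;
  if (svg === undefined || isSafeSvgIcon(svg)) return block;
  const { svg: _dropped, ...iconRest } = block.options.customIcon;
  return { ...block, options: { ...block.options, customIcon: iconRest } };
}
```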

Detection coverage (2 rules)

Detect Typebot Rating Block XSS Attempt

Severity: high

Detects a Typebot rating block XSS attempt by identifying suspicious SVG content within the custom icon field.

Format: Sigma. Tactics: initial_access, persistence. Techniques: T1190, T1547. Sources: webserver.

Detect Typebot Builder Session Hijacking via Cookie Exfiltration

Severity: high

Detects potential session hijacking attempts in Typebot Builder by monitoring network connections for cookie exfiltration patterns.

Format: Sigma. Tactics: credential_access. Techniques: T1555. Sources: network_connection.
