{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/@typebot.io/js--0.10.1/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.7,"id":"CVE-2026-28445"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["@typebot.io/js (\u003c 0.10.1)"],"_cs_severities":["high"],"_cs_tags":["xss","stored-xss","web-application","typebot"],"_cs_type":"advisory","_cs_vendors":["typebot"],"content_html":"\u003cp\u003eTypebot is vulnerable to a stored cross-site scripting (XSS) vulnerability in the rating block\u0026rsquo;s custom icon feature. The vulnerability stems from the lack of sanitization of the \u003ccode\u003ecustomIcon.svg\u003c/code\u003e field, which allows attackers to inject arbitrary HTML/SVG code. This code executes within the builder\u0026rsquo;s DOM context, bypassing the \u003ccode\u003eisUnsafe\u003c/code\u003e Web Worker sandbox designed to protect against untrusted bots during preview. An attacker can exploit this by crafting a malicious typebot or by compromising a workspace collaborator account. Successful exploitation leads to session hijacking and privilege escalation within the builder application. This issue affects versions of \u003ccode\u003e@typebot.io/js\u003c/code\u003e prior to 0.10.1.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker crafts a malicious typebot JSON file containing a rating block with a custom icon that includes an XSS payload in the \u003ccode\u003ecustomIcon.svg\u003c/code\u003e field.\u003c/li\u003e\n\u003cli\u003eThe attacker distributes the malicious typebot file through community forums, template marketplaces, or direct sharing with potential victims.\u003c/li\u003e\n\u003cli\u003eA victim imports the malicious typebot into their workspace within the Typebot builder application.\u003c/li\u003e\n\u003cli\u003eThe victim previews the imported bot in the builder application, triggering the rendering of the malicious rating block.\u003c/li\u003e\n\u003cli\u003eThe injected XSS payload within the \u003ccode\u003ecustomIcon.svg\u003c/code\u003e field executes directly in the builder\u0026rsquo;s DOM, bypassing the \u003ccode\u003eisUnsafe\u003c/code\u003e Web Worker sandbox.\u003c/li\u003e\n\u003cli\u003eThe XSS payload exfiltrates the victim\u0026rsquo;s session cookies and authentication tokens from the builder origin (builder.typebot.io).\u003c/li\u003e\n\u003cli\u003eThe attacker uses the stolen session tokens to gain unauthorized access to the victim\u0026rsquo;s Typebot workspace.\u003c/li\u003e\n\u003cli\u003eThe attacker can then modify bots, access integrations, and view collected data, leading to account takeover and further malicious activity.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this XSS vulnerability can lead to session hijacking, privilege escalation, and account takeover within the Typebot builder application. An attacker can steal authentication cookies and session tokens, allowing them to access and modify the victim\u0026rsquo;s workspace, including bots, integrations, and collected data. This can have severe consequences, including data breaches, unauthorized access to sensitive information, and disruption of normal business operations. The lack of sanitization in the rating block bypasses the existing \u003ccode\u003eisUnsafe\u003c/code\u003e sandbox, making imported and untrusted bots a significant security risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply DOMPurify sanitization to the \u003ccode\u003ecustomIcon.svg\u003c/code\u003e content within the \u003ccode\u003eRatingButton\u003c/code\u003e component in \u003ccode\u003epackages/embeds/js/src/features/blocks/inputs/rating/components/RatingForm.tsx\u003c/code\u003e to neutralize any malicious HTML/SVG code.\u003c/li\u003e\n\u003cli\u003eImplement SVG-specific validation in the Zod schema or within the \u003ccode\u003esanitizeBlock\u003c/code\u003e function in \u003ccode\u003eapps/builder/src/features/typebot/helpers/sanitizers.ts\u003c/code\u003e to prevent the storage of malicious content.\u003c/li\u003e\n\u003cli\u003eAudit other usages of \u003ccode\u003einnerHTML\u003c/code\u003e within the codebase, such as in \u003ccode\u003eFileUploadForm.tsx:234\u003c/code\u003e, for similar XSS vulnerabilities and implement appropriate sanitization measures.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect Typebot Rating Block XSS Attempt\u0026rdquo; to identify potential exploitation attempts targeting the custom icon feature.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-26T17:40:51Z","date_published":"2026-05-26T17:40:51Z","id":"https://feed.craftedsignal.io/briefs/2026-05-typebot-xss/","summary":"Typebot is vulnerable to stored cross-site scripting (XSS) due to the rating block's custom icon feature, which accepts arbitrary HTML/SVG via the `customIcon.svg` field without sanitization. When a malicious typebot is imported or crafted by a workspace collaborator, the payload executes in the builder's DOM context, bypassing the `isUnsafe` Web Worker sandbox that protects Script blocks during preview, allowing session hijacking and privilege escalation within the builder application.","title":"CraftedSignal Threat Feed — @Typebot.io/Js (\u003c 0.10.1)","url":"https://feed.craftedsignal.io/briefs/2026-05-typebot-xss/"}],"language":"en","title":"CraftedSignal Threat Feed — @Typebot.io/Js (\u003c 0.10.1)","version":"https://jsonfeed.org/version/1.1"}