{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/client-side-injection/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Open WebUI (pip/open-webui \u003c 0.7.0)"],"_cs_severities":["high"],"_cs_tags":["xss","web-application","vulnerability","client-side-injection","open-webui"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eOpen WebUI is vulnerable to a high-severity stored Cross-Site Scripting (XSS) vulnerability, identified as CVE-2026-26192, stemming from insecure iFrame rendering in its citation model. An authenticated attacker can exploit this by intercepting and modifying HTTP requests when saving chat history to inject malicious HTML content into document metadata, specifically by adding \u003ccode\u003ehtml: true\u003c/code\u003e and embedding an XSS payload. When another user, particularly an administrator, views a citation containing this weaponized document within a shared chat, the vulnerable Open WebUI frontend renders the content in an iFrame with insufficient sandboxing (\u003ccode\u003eallow-scripts\u003c/code\u003e and \u003ccode\u003eallow-same-origin\u003c/code\u003e are hardcoded), allowing the XSS payload to execute. This can lead to session hijacking, exfiltration of sensitive information, or, in the case of an administrator, potential server-side Remote Code Execution (RCE) by leveraging other known vulnerabilities. The vulnerability affects \u003ccode\u003epip/open-webui\u003c/code\u003e versions prior to 0.7.0.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn authenticated attacker logs into Open WebUI and initiates a new chat session.\u003c/li\u003e\n\u003cli\u003eThe attacker attaches an arbitrary file as a \u0026quot;document source\u0026quot; to the chat.\u003c/li\u003e\n\u003cli\u003eWhile saving the chat history or message, the attacker uses an HTTP proxy tool (e.g., Burp Suite, Caido, ZAP) to intercept the outgoing save request.\u003c/li\u003e\n\u003cli\u003eWithin the intercepted request's JSON body, the attacker locates the object corresponding to the document source within the \u003ccode\u003ehistory\u003c/code\u003e and \u003ccode\u003emessages\u003c/code\u003e objects.\u003c/li\u003e\n\u003cli\u003eThe attacker modifies this object by adding \u003ccode\u003ehtml: true\u003c/code\u003e to its metadata and injects an XSS payload (e.g., \u003ccode\u003e\u0026lt;script\u0026gt;alert(document.cookie)\u0026lt;/script\u0026gt;\u003c/code\u003e) into the document content field.\u003c/li\u003e\n\u003cli\u003eThe attacker forwards the modified HTTP request, causing the Open WebUI server to store the malicious chat history with the embedded XSS payload.\u003c/li\u003e\n\u003cli\u003eThe attacker shares the link to this weaponized chat with a victim user (e.g., via a phishing link).\u003c/li\u003e\n\u003cli\u003eWhen the victim accesses the shared chat and clicks on the malicious document citation, the Open WebUI frontend renders the content in an insecure iFrame, executing the attacker's JavaScript payload in the victim's browser context.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows an attacker to execute arbitrary client-side JavaScript code in the context of the victim's browser session. For low-privilege users, this can lead to session takeover, allowing the attacker to read session tokens from local storage and exfiltrate them to an attacker-controlled server. If an administrator is targeted and views the malicious citation, the XSS payload can be used to bypass security controls and potentially achieve server-side Remote Code Execution (RCE) by chaining with other known vulnerabilities, as described in GHSA-w7xj-8fx7-wfch. This poses a significant risk to the integrity and confidentiality of data within the Open WebUI environment.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePatch CVE-2026-26192 immediately:\u003c/strong\u003e Upgrade all Open WebUI installations to version 0.7.0 or newer to mitigate the vulnerability.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eImplement Web Application Firewall (WAF) rules:\u003c/strong\u003e Configure a WAF to inspect \u003ccode\u003ePOST\u003c/code\u003e requests to chat history save endpoints for unusual modifications like the addition of \u003ccode\u003ehtml: true\u003c/code\u003e in JSON bodies, and block requests containing common XSS payload patterns in document content, though this may require product-specific WAF configuration for JSON body inspection.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eEducate users on phishing awareness:\u003c/strong\u003e Warn users about suspicious shared chat links or messages that encourage clicking on document citations from unknown or untrusted sources.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-07T16:56:32Z","date_published":"2026-07-07T16:56:32Z","id":"https://feed.craftedsignal.io/briefs/2026-07-open-webui-stored-xss/","summary":"An authenticated attacker can achieve stored Cross-Site Scripting (XSS) in Open WebUI by manually modifying chat history requests to inject malicious HTML into citation document metadata, leading to session takeover or potential Remote Code Execution (RCE) on the server if an administrator is targeted.","title":"Open WebUI Vulnerable to Stored Cross-Site Scripting (XSS) via iFrame in Citations Model","url":"https://feed.craftedsignal.io/briefs/2026-07-open-webui-stored-xss/"},{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["GeoNetwork (3.0.0-3.12.12)","GeoNetwork (4.0.0-alpha.1-4.0.6)","GeoNetwork (4.2.0-4.2.14)","GeoNetwork (4.4.0-4.4.9)"],"_cs_severities":["high"],"_cs_tags":["xss","web-vulnerability","client-side-injection","angularjs","ghsa","webserver"],"_cs_type":"advisory","_cs_vendors":["GeoNetwork"],"content_html":"\u003cp\u003eA critical reflected Cross-Site Scripting (XSS) vulnerability, tracked as CVE-2026-39379, has been identified in GeoNetwork, an open-source geospatial metadata catalog. This flaw stems from improper neutralization of user-controlled input in error pages, which are built using AngularJS. When a user requests a non-existent or unauthorized service URL, GeoNetwork reflects parts of the original request directly into the error page without adequate sanitization. Since this page is an AngularJS application, an attacker can embed client-side template expressions (e.g., \u003ccode\u003e{{...}}\u003c/code\u003e) within the malicious URL. Upon rendering in the victim's browser, these expressions are evaluated, leading to the execution of arbitrary JavaScript. This vulnerability affects GeoNetwork versions 3.0.0 through 3.12.12, 4.0.0-alpha.1 through 4.0.6, 4.2.0 through 4.2.14, and 4.4.0 through 4.4.9. GeoNetwork 3.x and 4.0.x lines are no longer maintained and will not receive patches.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003e\u003cstrong\u003eCraft Malicious URL\u003c/strong\u003e: The attacker crafts a specific URL that targets a non-existent or unauthorized GeoNetwork service endpoint, embedding client-side template injection payloads (e.g., \u003ccode\u003e{{expression}}\u003c/code\u003e) within the path or query parameters.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ePhishing Delivery\u003c/strong\u003e: The attacker delivers this crafted malicious URL to a victim, typically via social engineering tactics such as phishing emails, instant messages, or compromised web pages, enticing the victim to click the link.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eVictim Request\u003c/strong\u003e: The victim, interacting with the lure, clicks the malicious URL, causing their web browser to send an HTTP GET request containing the embedded payload to the vulnerable GeoNetwork server.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eServer Error Response\u003c/strong\u003e: The GeoNetwork server processes the request for the invalid service. Due to its design, it generates an AngularJS-based error page that reflects portions of the original, unsanitized request URL back to the client.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eClient-Side Template Evaluation\u003c/strong\u003e: When the victim's browser receives and renders the error page, the AngularJS framework identifies the reflected attacker-controlled content as a template expression. It then evaluates this expression.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eArbitrary JavaScript Execution\u003c/strong\u003e: The evaluation of the template expression results in the execution of the attacker's arbitrary JavaScript code within the context of the victim's browser.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eImpact on Authenticated Session\u003c/strong\u003e: The malicious JavaScript executes with the same permissions and within the same authenticated session as the victim user, potentially allowing for session hijacking, data exfiltration from GeoNetwork, or performing unauthorized actions on the victim's behalf.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFurther Exploitation\u003c/strong\u003e: The attacker leverages the executed JavaScript to achieve their objective, which could include redirecting the user to a fake login page for credential harvesting or initiating further attacks against the GeoNetwork instance.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-39379 allows an attacker to execute arbitrary JavaScript code within the victim's browser. This code runs in the context of the victim's authenticated session, enabling severe consequences such as session hijacking, unauthorized data exfiltration from the GeoNetwork instance, or performing actions on the victim's behalf, including modifying content or changing configurations if the victim is an administrator. Additionally, attackers could inject fake login forms or malicious content to harvest credentials or spread malware. GeoNetwork versions 3.x and 4.0.x are particularly at risk as they are archived and will not receive official fixes, necessitating immediate upgrades for affected organizations.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePatch CVE-2026-39379 immediately by upgrading GeoNetwork to a fixed version (4.2.15 or later, or 4.4.10 or later).\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026quot;Detects CVE-2026-39379 Exploitation - GeoNetwork Reflected XSS Attempt\u0026quot; to your SIEM to identify attempts at client-side template injection via web server logs.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-03T12:45:55Z","date_published":"2026-07-03T12:45:55Z","id":"https://feed.craftedsignal.io/briefs/2026-07-geonetwork-xss/","summary":"A reflected Cross-Site Scripting (XSS) vulnerability, CVE-2026-39379, exists in GeoNetwork due to client-side template injection within error pages, allowing an attacker to craft a URL that, when visited by a victim, causes arbitrary JavaScript to execute in their browser in the context of their authenticated session.","title":"GeoNetwork Reflected XSS through Client-Side Template Injection (CVE-2026-39379)","url":"https://feed.craftedsignal.io/briefs/2026-07-geonetwork-xss/"}],"language":"en","title":"CraftedSignal Threat Feed - Client-Side-Injection","version":"https://jsonfeed.org/version/1.1"}