Remote Code Execution due to Stored XSS in parisneo/lollms
Description
A vulnerability in the discussion image upload function of the Lollms application, version v9.9, allows for the uploading of SVG files. Due to incomplete filtering in the sanitize_svg function, this can lead to cross-site scripting (XSS) vulnerabilities, which in turn pose a risk of remote code execution. The sanitize_svg function only removes script elements and 'on*' event attributes, but does not account for other potential vectors for XSS within SVG files. This vulnerability can be exploited when authorized users access a malicious URL containing the crafted SVG file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Lollms v9.9's SVG upload function fails to fully sanitize SVG files, enabling XSS that can lead to remote code execution when authorized users view crafted URLs.
Vulnerability
Details
The Lollms application, version v9.9, contains a cross-site scripting (XSS) vulnerability in its discussion image upload feature. The function responsible for sanitizing uploaded SVG files, `sanitize_svg`, only removes `<script>` elements and `on*` event attributes (e.g., `onload`). However, it does not account for other XSS vectors within SVG files, such as other element types, external inclusions, or JavaScript URLs in `href` attributes. This incomplete filtering allows an attacker to inject arbitrary JavaScript or HTML into an SVG file that bypasses the sanitization [1][4].
Exploitation
Conditions
To exploit this vulnerability, an attacker must be an authorized user of the Lollms application who can upload an SVG file as part of a discussion. The crafted SVG file is then delivered to other authorized users via a malicious URL. No additional authentication bypass is required beyond normal user privileges. The attack can succeed when a target user accesses the provided malicious URL, which loads the unsanitized SVG content in their browser [1].
Impact
Successful exploitation results in cross-site scripting (XSS) execution within the context of the authenticated user's session. This can lead to data theft, session hijacking, or, as stated in the description, remote code execution (RCE) if the XSS is chained with other vulnerabilities or used to execute API calls and file operations [1]. The application's multi-user backend (FastAPI) and rich feature set (including file uploads, RAG, and admin panels) increase the potential blast radius [2].
Mitigation
At the time of publication (2024-10-29), no patch has been officially released. Users of Lollms version 9.9 should disable SVG uploads or apply strict content security policies as a workaround. The vendor's project page and advisories indicate ongoing maintenance, but no fix has been confirmed for this specific issue [2][3].
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
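The Details section above describes a sanitizer that strips only `<script>` elements and `on*` attributes, and the Mitigation section suggests disabling SVG uploads as a workaround. The Python below is an added example written for this page; it is not Lollms code and not the project's `sanitize_svg`. It places that blocklist approach (as `blocklist_sanitize`) beside an allowlist sanitizer that refuses any element, attribute or non-local `href` it does not know, and adds a content sniff (`looks_like_svg`) for rejecting SVG uploads regardless of file extension. The function names, the allowlists, and the sample SVG inputs are constructed for illustration.

```python
import xml.etree.ElementTree as ET  # for real uploads, parse with defusedxml to limit entity expansion

SVG_NS = "http://www.w3.org/2000/svg"
ET.register_namespace("", SVG_NS)  # serialise with a default namespace instead of ns0:

# Constructed allowlists: enough for simple static drawings, nothing interactive.
ALLOWED_ELEMENTS = {
    "svg", "g", "defs", "title", "desc", "path", "rect", "circle", "ellipse",
    "line", "polyline", "polygon", "text", "tspan", "use", "clipPath",
    "linearGradient", "radialGradient", "stop",
}
ALLOWED_ATTRS = {
    "id", "x", "y", "width", "height", "viewBox", "d", "cx", "cy", "r", "rx", "ry",
    "x1", "y1", "x2", "y2", "points", "fill", "stroke", "stroke-width", "opacity",
    "transform", "offset", "stop-color", "font-size", "font-family", "text-anchor",
    "clip-path",
}


class RejectedSVG(ValueError):
    """Raised when an uploaded SVG contains anything outside the allowlist."""


def _local(qname: str) -> str:
    """Strip an XML namespace prefix: '{ns}rect' -> 'rect'."""
    return qname.rsplit("}", 1)[-1]


def blocklist_sanitize(svg_text: str) -> str:
    """Approximation of the weak approach the advisory describes: drop <script>
    elements and on* attributes, and keep everything else untouched."""
    root = ET.fromstring(svg_text)
    for parent in list(root.iter()):
        for child in list(parent):
            if _local(child.tag) == "script":
                parent.remove(child)
        for attr in list(parent.attrib):
            if _local(attr).lower().startswith("on"):
                del parent.attrib[attr]
    return ET.tostring(root, encoding="unicode")


def allowlist_sanitize(svg_text: str) -> str:
    """Reject the whole file on the first unknown element, unknown attribute,
    or href that is not a same-document fragment reference."""
    root = ET.fromstring(svg_text)
    if _local(root.tag) != "svg":
        raise RejectedSVG("root element is not <svg>")
    for el in root.iter():
        tag = _local(el.tag)
        if tag not in ALLOWED_ELEMENTS:
            raise RejectedSVG(f"element <{tag}> is not allowed")
        for attr, value in el.attrib.items():
            name = _local(attr)  # covers both href and xlink:href
            if name == "href":
                if not value.startswith("#"):
                    raise RejectedSVG(f"<{tag}> href must be a local fragment, got {value!r}")
            elif name not in ALLOWED_ATTRS:
                raise RejectedSVG(f"attribute {name!r} on <{tag}> is not allowed")
    return ET.tostring(root, encoding="unicode")


def allowlist_accepts(svg_text: str) -> bool:
    """True if the allowlist sanitizer would keep the file."""
    try:
        allowlist_sanitize(svg_text)
        return True
    except (RejectedSVG, ET.ParseError):
        return False


def looks_like_svg(data: bytes) -> bool:
    """Content sniff for the 'disable SVG uploads' workaround: checks the bytes,
    not the filename or the client-supplied Content-Type."""
    return b"<svg" in data[:4096].lower()


# Constructed sample inputs.
BENIGN_SVG = ('<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10">'
              '<rect x="0" y="0" width="10" height="10" fill="#c00"/></svg>')
# Caught by the blocklist: a <script> child and an on* attribute.
SCRIPT_SVG = ('<svg xmlns="http://www.w3.org/2000/svg" onload="void 0">'
              '<script>/* constructed placeholder */</script><circle r="4"/></svg>')
# Missed by the blocklist: a JavaScript URL in href, no <script>, no on*.
JSURL_SVG = ('<svg xmlns="http://www.w3.org/2000/svg">'
             '<a href="javascript:void 0"><rect width="10" height="10"/></a></svg>')
# Missed by the blocklist: an external inclusion via <use>.
EXTERNAL_SVG = ('<svg xmlns="http://www.w3.org/2000/svg">'
                '<use href="https://example.invalid/remote.svg#shape"/></svg>')

if __name__ == "__main__":
    for label, sample in [("script", SCRIPT_SVG), ("js-url", JSURL_SVG), ("external", EXTERNAL_SVG)]:
        print(f"{label:9} blocklist output: {blocklist_sanitize(sample)}")
        print(f"{label:9} allowlist accepts: {allowlist_accepts(sample)}")
    print("benign    allowlist accepts:", allowlist_accepts(BENIGN_SVG))
```

The point of the pairing is that the blocklist returns the JavaScript-URL and external-inclusion samples unchanged, while the allowlist refuses them by construction and only ever emits markup it re-serialised itself. Serving accepted files with `Content-Disposition: attachment` or from a separate origin, as the Mitigation section's content-security-policy advice implies, limits the impact of anything the allowlist still misses.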
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| lollms (PyPI) | <= 9.5.1 | — |
Affected products
- parisneo/parisneo/lollmsv5 (Range: unspecified)
Patches
- 328b960a0de2
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- github.com/advisories/GHSA-cm59-8rmv-f2cj (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2024-6581 (ghsa, ADVISORY)
- github.com/parisneo/lollms/commit/328b960a0de2097e13654ac752253e9541521ddd (ghsa, WEB)
- github.com/pypa/advisory-database/tree/main/vulns/lollms/PYSEC-2024-116.yaml (ghsa, WEB)
- huntr.com/bounties/ad68ecd6-44e2-449b-8e7e-f2b71b1b43c7 (ghsa, WEB)