Stored XSS in modelscope/agentscope
Description
A stored cross-site scripting (XSS) vulnerability exists in modelscope/agentscope, as of the latest commit 21161fe on the main branch. The vulnerability occurs in the view for inspecting detailed run information, where a user-controllable string (run ID) is appended and rendered as HTML. This allows an attacker to execute arbitrary JavaScript code in the context of the user's browser.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A stored XSS vulnerability in modelscope/agentscope allows attackers to execute arbitrary JavaScript by injecting malicious code into the run ID, which is rendered unsanitized in the run details view.
Vulnerability
Overview
A stored cross-site scripting (XSS) vulnerability exists in modelscope/agentscope, as of commit 21161fe on the main branch [1]. The root cause is that the run ID, a user-controllable string, is directly appended and rendered as HTML in the view for inspecting detailed run information without proper sanitization [2]. This allows an attacker to inject arbitrary HTML and JavaScript code.
Exploitation
An attacker can exploit this vulnerability by providing a malicious run ID, for example through the API or interface that creates or updates runs. When any user (including the attacker or other victims) views the detailed run information page, the injected script executes in the context of that user's browser. The vulnerable code is located in the dashboard.js file at line 90 [3]. No authentication is required beyond the ability to set a run ID, making this a low-barrier attack.
Impact
Successful exploitation leads to arbitrary JavaScript execution, enabling the attacker to steal cookies, session tokens, or perform actions on behalf of the victim. The vulnerability is classified as stored XSS, meaning the payload persists and affects all users who view the compromised run details. The Huntr bounty platform has acknowledged this vulnerability [4].
Mitigation
As of the latest commit (21161fe), no patch has been released. Users are advised to avoid viewing run details from untrusted sources or to apply input sanitization to the run ID field. The maintainers have been notified via the Huntr bounty report [4].
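The input sanitization mentioned above, shown as an added example that is not code from agentscope's dashboard.js: the string-concatenation pattern the advisory describes beside an escaped rendering and an ingestion-time allow-list. All function names, the wrapper markup, the run ID format, and the sample value are assumptions constructed for illustration.

```javascript
// Added example. Every name here is hypothetical; none is taken from agentscope.

// Constructed sample: a run ID carrying markup, as an untrusted client could submit.
const SAMPLE_RUN_ID = 'run_20240501"><img src=x onerror=alert(1)>';

// Vulnerable pattern: the untrusted string is concatenated straight into HTML.
function renderRunTitleUnsafe(runId) {
  return '<span class="run-id" title="' + runId + '">' + runId + '</span>';
}

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape the five characters that can change HTML text or quoted-attribute context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hardened rendering: same markup, but the run ID is escaped before interpolation.
function renderRunTitle(runId) {
  const safe = escapeHtml(runId);
  return '<span class="run-id" title="' + safe + '">' + safe + '</span>';
}

// In a browser, assigning textContent avoids HTML parsing of the value entirely.
function setRunTitle(element, runId) {
  element.textContent = String(runId);
}

// Defense in depth at ingestion: allow-list the ID format (assumed format).
const RUN_ID_PATTERN = /^[A-Za-z0-9_.-]{1,128}$/;
function isValidRunId(runId) {
  return typeof runId === 'string' && RUN_ID_PATTERN.test(runId);
}

// Check helper: does the rendered fragment contain any tag besides the wrapper span?
function containsInjectedTag(html) {
  const inner = html
    .replace(/^<span class="run-id" title="[^"]*">/, '')
    .replace(/<\/span>$/, '');
  return /<[a-zA-Z!\/]/.test(inner);
}

console.log('unsafe output carries extra tag:', containsInjectedTag(renderRunTitleUnsafe(SAMPLE_RUN_ID)));
console.log('escaped output carries extra tag:', containsInjectedTag(renderRunTitle(SAMPLE_RUN_ID)));
console.log('sample accepted by allow-list:', isValidRunId(SAMPLE_RUN_ID));
```

Escaping at render time is the control that closes the sink; the allow-list only narrows what reaches storage and should not be relied on alone.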
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| agentscope (PyPI) | <= 0.1.1 | — |
Affected products (3)
- Range: < 21161fe
- modelscope/modelscope/agentscope v5, Range: unspecified
Patches
No patches discovered yet.