CVE-2025-15632
Description
A vulnerability has been found in 1Panel-dev MaxKB up to 2.4.2. Impacted is an unknown function of the file ui/src/chat.ts of the component MdPreview. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.5.0 is recommended to address this issue. The name of the patch is 7230daa5ec3e6574b6ede83dd48a4fbc0e70b8d8. It is advisable to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Stored XSS in MaxKB up to v2.4.2 via unsanitized paragraph content, allowing authenticated attackers to execute JavaScript when victims view paragraphs.
Vulnerability
Overview
A stored cross-site scripting (XSS) vulnerability exists in MaxKB, an open-source enterprise agent platform [3]. The flaw resides in the MdPreviewMdPreview component within the file ui/src/chat.ts`, which renders user-supplied paragraph content without proper HTML sanitization [1][2]. The backend stores the unsanitized content directly in the database, and when a victim views the paragraph in the UI, the malicious script executes in their browser [2].
Exploitation
Details
An authenticated attacker with dataset management permissions can exploit this vulnerability by sending a POST request to the paragraph creation endpoint (`/api/workspace/{workspace_id}/knowledge/{knowledge_id}/document/{document_id}/paragraph`) with a malicious payload in the `content` field [2]. The backend serializer (`apps/knowledge/serializers/paragraph.py`) does not sanitize the input, and the `ParagraphCard.vue` component renders it via `MdPreview` without filtering [2]. The attack is remotely executable and does not require any special network position beyond authenticated access [1].
Impact
Successful exploitation allows an attacker to inject arbitrary JavaScript that executes in the context of any user viewing the affected paragraph, including administrators [2]. This can lead to session hijacking, data theft, or further actions within the application. The vulnerability is classified as low severity (CVSS 3.5) due to the requirement for authenticated access and specific permissions [1].
Mitigation
The vendor was contacted early and released a fix in version 2.5.0 [1]. The patch (commit 7230daa5ec3e6574b6ede83dd48a4fbc0e70b8d8) integrates the XSSPlugin from md-editor-v3 and configures a whitelist of allowed HTML tags and attributes, effectively sanitizing user input before rendering [4]. Users are strongly advised to upgrade to v2.5.0 or later [1].
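As an added illustration (not MaxKB's code and not the md-editor-v3 XSSPlugin API), the block below shows the kind of tag and attribute allowlist sanitizer the fix configures, applied to the HTML rendered for a paragraph: unknown tags are dropped, `script`/`style` bodies are removed, event-handler attributes never pass, and link targets must match a URL-scheme allowlist. The allowed tag and attribute sets, the function names and the sample inputs are assumptions chosen for this demo.

```javascript
// Added illustration, not MaxKB's code: an allowlist sanitizer of the kind the
// fix configures (md-editor-v3's XSSPlugin with a tag/attribute whitelist).
// The tag and attribute sets below are assumptions chosen for the demo.
const ALLOWED_TAGS = new Set(["p", "br", "b", "i", "em", "strong", "code", "pre",
  "ul", "ol", "li", "a", "img"]);
const ALLOWED_ATTRS = { a: ["href", "title"], img: ["src", "alt"], "*": ["class"] };
const DROP_CONTENT = new Set(["script", "style"]); // drop the body, not just the tag
const SAFE_URL = /^(https?:|mailto:|\/|#)/i;        // scheme allowlist: no javascript:, data:, ...
const TAG_RE = /<\/?([a-zA-Z][a-zA-Z0-9-]*)([^<>]*)>/g;
const ATTR_RE = /([a-zA-Z_:][-a-zA-Z0-9_:.]*)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;

// Text nodes: neutralise any '<' / '>' left by malformed or unterminated tags
// (entities are assumed to be already encoded by the markdown renderer).
function escapeText(s) {
  return s.replace(/</g, "&lt;").replace(/>/g, "&gt;");
}

// Rebuild the attribute list, keeping only allowlisted names with safe values.
function sanitizeAttrs(tag, raw) {
  const allowed = new Set([...(ALLOWED_ATTRS[tag] || []), ...ALLOWED_ATTRS["*"]]);
  let kept = "", m;
  ATTR_RE.lastIndex = 0;
  while ((m = ATTR_RE.exec(raw)) !== null) {
    const name = m[1].toLowerCase();
    const value = (m[2] ?? m[3] ?? m[4] ?? "").trim();
    if (!allowed.has(name) || name.startsWith("on")) continue; // event handlers never pass
    if ((name === "href" || name === "src") && !SAFE_URL.test(value)) continue;
    kept += ` ${name}="${value.replace(/"/g, "&quot;")}"`;
  }
  return kept;
}

// Walk the rendered HTML tag by tag; unknown tags are dropped, script/style bodies too.
function sanitizeHtml(html) {
  let out = "", pos = 0, skipping = null, m;
  TAG_RE.lastIndex = 0;
  while ((m = TAG_RE.exec(html)) !== null) {
    const closing = m[0][1] === "/";
    const tag = m[1].toLowerCase();
    const text = html.slice(pos, m.index);
    pos = TAG_RE.lastIndex;
    if (skipping) { if (closing && tag === skipping) skipping = null; continue; }
    out += escapeText(text);
    if (!ALLOWED_TAGS.has(tag)) { if (!closing && DROP_CONTENT.has(tag)) skipping = tag; continue; }
    out += closing ? `</${tag}>` : `<${tag}${sanitizeAttrs(tag, m[2])}>`;
  }
  return skipping ? out : out + escapeText(html.slice(pos));
}
```

Run `sanitizeHtml` on the HTML produced for a paragraph before it is handed to the preview component; it is the allowlist, not a blocklist of known bad strings, that makes uppercase tags, unterminated tags and `javascript:` links fall through harmlessly.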
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Panel-dev MaxKB, range: <=2.4.2
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
News mentions
No linked articles in our index yet.