CVE-2025-50733
Description
NextChat contains a cross-site scripting (XSS) vulnerability in the HTMLPreview component of artifacts.tsx that allows attackers to execute arbitrary JavaScript code when HTML content is rendered in the AI chat interface. The vulnerability occurs because user-influenced HTML from AI responses is rendered in an iframe with 'allow-scripts' sandbox permission without proper sanitization. This can be exploited through specifically crafted prompts that cause the AI to generate malicious HTML/JavaScript code. When a user views the HTML preview, the injected JavaScript executes in the user's browser context, potentially allowing attackers to exfiltrate sensitive information (including API keys stored in localStorage), perform actions on behalf of the user, and steal session data.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
NextChat v2.16.0 HTMLPreview component renders unsanitized AI-generated HTML in an iframe with 'allow-scripts', enabling XSS via crafted prompts.
Vulnerability
Overview
CVE-2025-50733 is a cross-site scripting (XSS) vulnerability in the HTMLPreview component of NextChat's artifacts.tsx file. The root cause is that user-influenced HTML content from AI responses is rendered inside an iframe with the allow-scripts sandbox permission, without any sanitization. This allows an attacker to inject arbitrary JavaScript code that executes in the context of the user's browser when the HTML preview is viewed [1][2].
Exploitation
An attacker can exploit this vulnerability by crafting a specific prompt that causes the AI to generate malicious HTML and JavaScript. When the user opens the HTML preview, the injected script runs automatically. Additionally, because NextChat supports sharing chat sessions via links, the payload can be replayed when a victim opens the shared link, effectively turning this into a stored XSS attack [1].
Impact
Successful exploitation enables the attacker to exfiltrate sensitive information, including API keys stored in localStorage, perform actions on behalf of the user, and steal session data. This can lead to account compromise and unauthorized access to the user's AI chat history and associated services [1][2].
Mitigation
Status
As of the publication date (21 August 2025), the vulnerability remains unpatched. The vendor was notified at least 90 days prior, but no fix has been released. No workarounds are documented in the available references [1][2].
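The sandbox mechanics behind the Overview above, as an added example that is not NextChat's code: a check that classifies an iframe sandbox policy for untrusted HTML (scripts in a frame carrying both allow-scripts and allow-same-origin keep the parent's origin and can read its localStorage; without allow-same-origin they run in an opaque origin), plus a heuristic detector that flags script-bearing AI output for logging. classifySandbox, previewFrameAttributes, findExecutableMarkup and the srcdoc approach are assumptions for illustration, not the project's API.

```javascript
// Added example (not NextChat's code). Names below are assumed for illustration.
const ALLOW_SCRIPTS = "allow-scripts";
const ALLOW_SAME_ORIGIN = "allow-same-origin";

// Parse an iframe sandbox attribute value into its token set; null means no sandbox.
function parseSandbox(value) {
  if (value === null || value === undefined) return null;
  return new Set(value.trim().split(/\s+/).filter(Boolean));
}

// Classify the risk of a sandbox policy applied to untrusted (AI-generated) HTML:
//   "unsandboxed": no sandbox attribute; content runs with the parent page's origin.
//   "escapable":   allow-scripts + allow-same-origin; scripts keep the parent's origin
//                  and can read its localStorage (where API keys may be stored).
//   "opaque":      allow-scripts without allow-same-origin; scripts execute, but in an
//                  opaque origin that cannot reach the parent's storage or DOM.
//   "inert":       no allow-scripts; nothing executes.
function classifySandbox(value) {
  const tokens = parseSandbox(value);
  if (tokens === null) return "unsandboxed";
  if (tokens.has(ALLOW_SCRIPTS) && tokens.has(ALLOW_SAME_ORIGIN)) return "escapable";
  if (tokens.has(ALLOW_SCRIPTS)) return "opaque";
  return "inert";
}

// Attributes for a preview frame: srcdoc (no parent-origin URL) and a minimal sandbox
// that never grants allow-same-origin alongside allow-scripts.
function previewFrameAttributes(html) {
  return { srcdoc: html, sandbox: ALLOW_SCRIPTS, referrerpolicy: "no-referrer" };
}

// Heuristic detector for executable markup in AI output, meant for logging and
// alerting before the preview is shown. It is a signal, not a sanitizer.
const EXEC_PATTERNS = [
  { name: "script-tag", re: /<script\b/i },
  { name: "event-handler", re: /\son[a-z]+\s*=/i },
  { name: "javascript-url", re: /(href|src)\s*=\s*["']?\s*javascript:/i },
];
function findExecutableMarkup(html) {
  return EXEC_PATTERNS.filter((p) => p.re.test(html)).map((p) => p.name);
}

// Constructed sample of AI-generated HTML carrying a script and an inline handler.
const SAMPLE_AI_HTML =
  '<h1 onclick="console.log(1)">Preview</h1><script>console.log("hello")</script>';
```

Running `classifySandbox` over the sandbox value a preview component actually sets is a quick review check; "escapable" or "unsandboxed" on a frame that renders model output is the condition this CVE describes.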
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches: 0 (no patches discovered yet)
References: 2
News mentions: 0 (no linked articles in the index yet)