AutoGPT SignUp Page has DOM-Based XSS and Open Redirect
Description
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions prior to 0.6.62 have a DOM-based Cross-Site Scripting (XSS) vulnerability in AutoGPT's signup page. The application improperly trusts a URL parameter (next), which is passed to router.push. An attacker can craft a malicious link that, when opened by an authenticated user, performs a client-side redirect and executes arbitrary JavaScript in the context of their browser. This could lead to credential theft, internal network pivoting, and unauthorized actions performed on behalf of the victim. Version 0.6.62 patches the issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2 affected products:
- (no CPE) range: <0.6.62
- (no CPE) range: <0.6.62
Patches
Vulnerability mechanics
Root cause
"The application passes an unsanitized URL parameter (`next`) to `router.push`, which executes `javascript:` URIs as code in the browser."
Attack vector
An attacker crafts a malicious URL such as `http://HOST/signup?next=javascript:alert(window.origin)` and lures a victim into clicking it. If the victim is already authenticated, the XSS fires immediately when the page loads. If the victim is unauthenticated, the XSS triggers after they complete the signup flow. The `router.push` call passes the unsanitized value to `window.location`, which executes `javascript:` URIs, enabling arbitrary script execution in the victim's browser session. [CWE-79]
Affected code
The vulnerability resides in `autogpt_platform/frontend/src/app/(platform)/signup/useSignupPage.ts` at line 29. The `next` query parameter is read from the URL and passed directly to `router.push` or `router.replace` without any validation against dangerous schemes such as `javascript:`. This allows an attacker to inject arbitrary JavaScript via the `next` parameter.
What the fix does
The advisory recommends validating the `nextUrl` parameter before navigation by using the `URL` constructor to ensure the resolved URL stays within the same origin and uses only `http:` or `https:` schemes. A fallback to a safe default path (`/`) is applied when validation fails. The existing protection in `useLoginPage.ts` (checking that the path starts with `/` and not `//`) is cited as a pattern that could be applied to `useSignupPage.ts`.
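The validation the advisory recommends, written out as an added TypeScript example (not AutoGPT's own code): `resolveNextUrl`, `SAFE_DEFAULT` and the `appOrigin` parameter are assumed names, and the caller is expected to pass the result, never the raw `next` value, to `router.push`.

```typescript
// Added example, not code from the AutoGPT project. It applies the fix the
// advisory describes: resolve `next` with the URL constructor, accept it only
// when it stays on the same origin with an http: or https: scheme, and fall
// back to the safe default path "/" otherwise.
// `appOrigin` is the deployment's own origin (in a browser,
// window.location.origin); the name is an assumption for this example.

const SAFE_DEFAULT = "/";

function resolveNextUrl(
  next: string | null | undefined,
  appOrigin: string,
): string {
  if (!next) return SAFE_DEFAULT;

  let parsed: URL;
  try {
    // Relative paths resolve against appOrigin; absolute and protocol-relative
    // values ("//host/...") keep their own origin, which is rejected below.
    parsed = new URL(next, appOrigin);
  } catch {
    return SAFE_DEFAULT; // unparsable input is never handed to the router
  }

  // "javascript:alert(1)" parses with protocol "javascript:" and a null
  // origin, so it fails both checks; "data:" and other schemes fail here too.
  if (parsed.protocol !== "http:" && parsed.protocol !== "https:") {
    return SAFE_DEFAULT;
  }
  if (parsed.origin !== new URL(appOrigin).origin) {
    return SAFE_DEFAULT; // would be an open redirect to another host
  }

  // Return only path + query + fragment so the router never receives a
  // scheme or host, matching the "starts with / but not //" pattern the
  // advisory cites from useLoginPage.ts.
  return parsed.pathname + parsed.search + parsed.hash;
}

// Intended call site (hypothetical): router.push(resolveNextUrl(next, window.location.origin));
```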
Preconditions
- input: Victim must click a crafted link containing the `next` parameter with a `javascript:` URI.
- auth: If the victim is unauthenticated, they must also complete the signup action for the XSS to trigger.
- auth: The attacker does not need any authentication or prior access.
Generated on Jun 19, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
1. github.com/Significant-Gravitas/AutoGPT/security/advisories/GHSA-j2cp-jg5q-38wj (MITRE, x_refsource_CONFIRM)