Lucene search
+L

4 matches found

cvelist
cvelist
added 3 days ago32 views

CVE-2026-58500 MCP Appium: Unescaped Locator Data XSS in MCP-UI Resource (createLocatorGeneratorUI)

MCP Appium is an MCP server that provides AI assistants with tools to automate mobile app testing on Android and iOS. In versions prior to 1.85.10, the createLocatorGeneratorUI function interpolates attacker-controlled element attributes — text, content-desc, resource-id, and locator selector...

8.2CVSS0.00276EPSS
Exploits0References2
ptsecurity
ptsecurity
added 3 days ago4 views

PT-2026-57883

Name of the Vulnerable Software and Affected Versions MCP Appium versions prior to 1.85.10 Description The createLocatorGeneratorUI function fails to escape HTML or JavaScript context when interpolating element attributes—specifically text, content-desc, resource-id, and locator selector...

8.2CVSS6.2AI score0.00276EPSS
Exploits0References4
snyk
snyk
added 2026/06/19 9:43 p.m.7 views

Cross-site Scripting (XSS)

Overview appium-mcp is an Intelligent MCP server providing AI assistants with powerful tools and resources for Appium mobile automation Affected versions of this package are vulnerable to Cross-site Scripting XSS via the createLocatorGeneratorUI function. An attacker can execute arbitrary...

8.2CVSS5.8AI score0.00276EPSS
Exploits0References2
osv
osv
added 2026/06/19 9:43 p.m.10 views

GHSA-X975-RGX4-5FH4 appium-mcp: Unescaped Locator Data XSS in MCP-UI Resource (createLocatorGeneratorUI)

Unescaped Locator Data XSS in MCP-UI Resource createLocatorGeneratorUI Summary appium-mcp's createLocatorGeneratorUI function interpolates attacker-controlled element attributes — text, content-desc, resource-id, and locator selector values — directly into an HTML template literal without any HTM...

8.2CVSS6.4AI score0.00276EPSS
Exploits0References4
Rows per page
Query Builder