5 matches found
GHSA-6M7C-XFHP-P9FH Typebot has Stored XSS via Rating Block Custom Icon that Bypasses isUnsafe Sandbox in Builder Preview
Summary The rating block's custom icon feature accepts arbitrary HTML/SVG via the customIcon.svg field and renders it using Solid's innerHTML directive without any sanitization. When a malicious typebot is imported or crafted by a workspace collaborator, the payload executes in the builder's DOM...
CVE-2026-28445
CVE-2026-28445 affects Typebot up to version 3.15.2, where the RatingButton embed component renders user-controlled customIcon.svg via Solid innerHTML without sanitization, despite DOMPurify being present elsewhere. Because rating blocks aren’t flagged as unsafe by the import sanitizer and the bu...
CVE-2026-28445 Typebot: Stored XSS via Rating Block Custom Icon Bypasses isUnsafe Sandbox in Builder Preview
Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the RatingButton component in the embed package renders the user-controlled customIcon.svg field directly via Solid's innerHTML directive without any sanitization, even though DOMPurify is already a dependency and is used elsewhere ...
CVE-2026-28445 Typebot: Stored XSS via Rating Block Custom Icon Bypasses isUnsafe Sandbox in Builder Preview
Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the RatingButton component in the embed package renders the user-controlled customIcon.svg field directly via Solid's innerHTML directive without any sanitization, even though DOMPurify is already a dependency and is used elsewhere ...
CVE-2024-22637
Form Tools v3.1.1 was discovered to contain a reflected cross-site scripting XSS vulnerability via the component /formbuilder/preview.php?formid=2...