PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-12228 parisneo CVE debrief

CVE-2026-12228 is a stored cross-site scripting (XSS) vulnerability in the `POST /api/prompts/share` endpoint of parisneo/lollms. The endpoint stores attacker-controlled `prompt_content` into `DBDirectMessage.content` without server-side sanitization. When a victim opens the direct message (DM) thread, the message is rendered by the DM UI through `MessageContentRenderer`, which uses `v-html` to insert rendered HTML into the DOM. The frontend sanitizer, which is regex-based, fails to comprehensively sanitize attacker-controlled HTML, allowing malicious payloads to execute in the victim's browser context.

Vendor
parisneo
Product
parisneo/lollms
CVSS
HIGH 8.7
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-18
Original CVE updated
2026-07-18
Advisory published
2026-07-18
Advisory updated
2026-07-18

Who should care

Users of parisneo/lollms, particularly those hosting the application, should be aware of this vulnerability. An authenticated user can send a malicious prompt-share message to another user's inbox, leading to arbitrary JavaScript execution, authenticated actions as the victim, exposure of same-origin application data, and potential account takeover.

Technical summary

The vulnerability exists in the `POST /api/prompts/share` endpoint of parisneo/lollms. The endpoint stores attacker-controlled `prompt_content` into `DBDirectMessage.content` without server-side sanitization. The frontend sanitizer fails to comprehensively sanitize attacker-controlled HTML, allowing malicious payloads to execute in the victim's browser context. This enables any authenticated user to send a malicious prompt-share message to another user's inbox, leading to arbitrary JavaScript execution.

Defensive priority

High

Recommended defensive actions

  • Apply the vendor's official patch or upgrade to a patched version.
  • Implement additional input validation and sanitization for user-controlled input.
  • Monitor for suspicious activity, such as unusual login attempts or changes to user accounts.
  • Consider implementing a web application firewall (WAF) to detect and prevent XSS attacks.
  • Review compensating controls for exposed systems while remediation is scheduled and verified.
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review.
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented.

Evidence notes

The vulnerability was reported by [email protected] and is tracked as CVE-2026-12228. The NVD entry is currently Received. This stored cross-site scripting (XSS) vulnerability exists in the `POST /api/prompts/share` endpoint of parisneo/lollms. The endpoint stores attacker-controlled `prompt_content` into `DBDirectMessage.content` without server-side sanitization. When a victim opens the direct message (DM) thread, the message is rendered by the DM UI through `MessageContentRenderer`, which uses `v-html` to insert rendered HTML into the DOM. The frontend sanitizer, which is regex-based, fails to comprehensively sanitize attacker-controlled HTML, allowing malicious payloads to execute in the victim's browser context. Users of parisneo/lollms, particularly those hosting the application, should be aware of this vulnerability. An authenticated user can send a malicious prompt-share message to another user's inbox, leading to arbitrary JavaScript execution, authenticated actions as the victim, exposure of same-origin application data, and potential account takeover.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-18T21:17:03.040Z and has not been modified since then. The NVD entry is currently Received.