CVE-2026-30862
Appsmith · Appsmith Table Widget (TableWidgetV2)
A stored XSS vulnerability in Appsmith's Table Widget allows authenticated users to execute malicious scripts via unsanitized HTML attributes, leading to full administrative account takeover.
Executive summary
Appsmith is vulnerable to a critical stored cross-site scripting flaw that allows a standard user to escalate privileges and achieve a full administrative account takeover.
Vulnerability
This critical stored XSS vulnerability originates from a lack of HTML sanitization within the React rendering pipeline of the Table Widget. An authenticated attacker with a regular user account can inject malicious attributes that, when viewed by a System Administrator via the "Invite Users" feature, execute a high-privileged API call to capture environment variables and take over the administrative account.
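The bug class described above, unsanitized HTML attributes reaching a rendering sink, is illustrated by the following added example. It is not Appsmith code and does not reproduce the TableWidgetV2 implementation; it contrasts a pass-through cell renderer (the defect pattern) with one that allowlists attribute names, validates URL schemes, and escapes values. The attribute allowlist, the placeholder base URL and the sample cell contents are constructed for the example.

```javascript
// Added example, not from the advisory or from Appsmith. Demonstrates why
// attribute names and values from user-controlled data must be allowlisted
// and escaped before they are rendered into HTML.

// Assumption: only these attribute names are meaningful for a link cell.
const ALLOWED_ATTRS = new Set(["href", "title", "class", "target", "rel"]);
// Assumption: URL schemes a rendered cell is allowed to link to.
const SAFE_URL_SCHEMES = new Set(["http:", "https:", "mailto:"]);

function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

function isSafeUrl(value) {
  // Browsers ignore ASCII control characters and whitespace inside a scheme,
  // so strip them before parsing rather than matching on the raw string.
  const cleaned = String(value).replace(/[\u0000-\u0020]/g, "");
  try {
    // Relative URLs resolve against this constructed base and inherit https:.
    const parsed = new URL(cleaned, "https://placeholder.invalid/");
    return SAFE_URL_SCHEMES.has(parsed.protocol);
  } catch {
    return false; // unparseable input is rejected, not passed through
  }
}

function sanitizeAttributes(attrs) {
  const out = {};
  for (const [rawName, value] of Object.entries(attrs)) {
    const name = rawName.toLowerCase();
    // Anything not on the allowlist is dropped: on* handlers, style, srcdoc, ...
    if (!ALLOWED_ATTRS.has(name)) continue;
    // href is the one allowed attribute that can carry a script scheme.
    if (name === "href" && !isSafeUrl(value)) continue;
    out[name] = String(value);
  }
  // A new-window link gets a fixed rel so the opener is not exposed.
  if (out.target === "_blank") out.rel = "noopener noreferrer";
  return out;
}

function attrString(attrs) {
  return Object.entries(attrs)
    .map(([k, v]) => ` ${k}="${escapeHtml(v)}"`)
    .join("");
}

// Defect pattern: attribute names and values are trusted and interpolated raw.
function renderCellUnsafe(text, attrs) {
  const raw = Object.entries(attrs).map(([k, v]) => ` ${k}="${v}"`).join("");
  return `<a${raw}>${text}</a>`;
}

// Hardened: allowlisted names, validated href, escaped values and text.
function renderCellSafe(text, attrs) {
  return `<a${attrString(sanitizeAttributes(attrs))}>${escapeHtml(text)}</a>`;
}

// Constructed sample cell: a script-scheme href, an event-handler attribute
// and a title value that tries to break out of its quotes.
const constructedCell = {
  text: "Open ticket",
  attrs: {
    href: "javascript:void(0)",
    onmouseover: "untrusted()",
    title: 'x" onclick="y',
    target: "_blank",
  },
};

console.log(renderCellUnsafe(constructedCell.text, constructedCell.attrs));
console.log(renderCellSafe(constructedCell.text, constructedCell.attrs));
```

The hardened renderer keeps only the title and target, rewrites rel, and escapes the embedded quote, so no attribute boundary can be broken and no handler or script-scheme URL survives; the allowlist is what matters, since a denylist of known-bad attribute names is easy to miss an entry in.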
Business impact
A successful exploit results in the complete compromise of the Appsmith instance. By gaining access to the /api/v1/admin/env endpoint, an attacker can extract sensitive configuration data and credentials, leading to total administrative control. Given the CVSS score of 9.0, this represents a severe risk to organizational data integrity and the security of internal tools built on the platform.
Remediation
Immediate Action: Update Appsmith to version 1.96 or later to apply the HTML sanitization patches.
Proactive Monitoring: Audit the "Invite Users" logs and review any suspicious activity originating from the Table Widget components or unexpected calls to administrative API endpoints.
Compensating Controls: Implement strict Content Security Policy (CSP) headers to restrict the execution of inline scripts and unauthorized API requests.
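The compensating control above is only effective if the deployed policy actually forbids inline script execution and restricts where scripts may send requests. The following added example (not part of the advisory, and not an Appsmith configuration) is a small linter for a Content-Security-Policy header that checks those two properties; the weak and hardened policy strings, and the nonce value in them, are constructed for the example.

```javascript
// Added example, not from the advisory or from Appsmith. Parses a CSP header
// and reports whether it still permits inline scripts or unrestricted
// connect-src destinations, the two gaps the compensating control targets.

function parseCsp(header) {
  const directives = new Map();
  for (const part of header.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // Per the CSP spec, a repeated directive is ignored: first occurrence wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// script-src and connect-src fall back to default-src when not set.
function effectiveSources(directives, name) {
  if (directives.has(name)) return directives.get(name);
  if (directives.has("default-src")) return directives.get("default-src");
  return null; // no governing directive at all
}

function allowsInlineScript(directives) {
  const src = effectiveSources(directives, "script-src");
  if (src === null) return true; // no policy: inline scripts and handlers run
  const hasNonceOrHash = src.some((v) => /^'(nonce-|sha(256|384|512)-)/.test(v));
  // CSP level 2 and later: a nonce or hash makes 'unsafe-inline' inert.
  return src.includes("'unsafe-inline'") && !hasNonceOrHash;
}

function allowsAnyConnectOrigin(directives) {
  const src = effectiveSources(directives, "connect-src");
  if (src === null) return true;
  // '*' or a bare scheme source such as https: permits any host.
  return src.includes("*") || src.some((v) => /^https?:$/.test(v));
}

function lintCsp(header) {
  const d = parseCsp(header);
  const findings = [];
  if (allowsInlineScript(d)) findings.push("script-src permits inline scripts");
  if (allowsAnyConnectOrigin(d)) findings.push("connect-src is unrestricted");
  return findings;
}

// Constructed policies: the first allows inline handlers and any fetch target,
// the second uses a per-response nonce (value is a placeholder) and same-origin
// connect-src.
const WEAK_CSP =
  "default-src 'self'; script-src 'self' 'unsafe-inline'; connect-src *";
const HARDENED_CSP =
  "default-src 'self'; script-src 'self' 'nonce-PLACEHOLDER'; " +
  "connect-src 'self'; object-src 'none'; base-uri 'self'";

console.log("weak:", lintCsp(WEAK_CSP));
console.log("hardened:", lintCsp(HARDENED_CSP));
```

Run the linter over the header your reverse proxy or application actually emits rather than the one in its configuration file; the parsing rules above (first directive wins, fallback to default-src) are what browsers apply, so a header that looks strict in one file can still be loosened by a duplicate directive added elsewhere.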
Exploitation status
Public Exploit Available: No
Analyst recommendation
The severity of this privilege escalation vulnerability cannot be overstated. Organizations utilizing Appsmith for internal tooling must prioritize the update to version 1.96. Immediate remediation is required to prevent authenticated users from gaining unauthorized administrative access to the environment.