CVE-2026-12228

parisneo · lollms

A stored cross-site scripting (XSS) vulnerability in the parisneo lollms API allows attackers to inject malicious scripts that execute in the context of other users, including administrators.

Executive summary

A stored XSS vulnerability in parisneo lollms enables remote attackers to achieve account takeover or session hijacking by injecting malicious scripts into the application Home Feed.

Vulnerability

This vulnerability is a stored cross-site scripting flaw located in the create_post function within the backend/routers/social/init.py file. An authenticated attacker can inject malicious JavaScript into the social feature, which is then executed in the browsers of other users who view the Home Feed.

Business impact

Successful exploitation poses a severe risk to organizational security, as the execution of malicious scripts in an administrator's browser can lead to complete account takeover and session hijacking. Given the CVSS score of 8.7, this is classified as a high-severity issue that could facilitate wormable attacks, potentially compromising the integrity of the entire application environment and exposing sensitive data processed by the LLM system.

Remediation

Immediate Action: Update parisneo lollms to version 2.2.0 or later to apply the necessary input sanitization fixes.

Proactive Monitoring: Review application access logs for unusual POST requests directed at the /api/prompts/share endpoint and monitor for unexpected client-side script execution.

Compensating Controls: Deploy a Web Application Firewall (WAF) with strict XSS filtering rules to inspect and block malicious payloads targeting the social API endpoints.

Exploitation status

Public Exploit Available: No

Analyst recommendation

The severity of this vulnerability is elevated by the potential for administrative account compromise. Administrators must prioritize upgrading to version 2.2.0 immediately to eliminate the injection vector and secure the application against unauthorized access and potential wormable exploitation.