What happened
A huntr-reported vulnerability (CVSS 8.7) found that lollms's prompt-sharing feature stores unsanitized HTML/JavaScript from a shared prompt into a direct-message record, which then executes when the recipient views the DM.
Why it matters
lollms is an LLM chat/prompt-management platform with a social/sharing layer; a stored XSS reachable via prompt sharing can be weaponized to hijack administrator sessions or propagate through the user base whenever prompts are shared, turning a core collaboration feature into an account-takeover vector.
Attack vector
The POST /api/prompts/share endpoint stores attacker-controlled prompt_content directly into DBDirectMessage.content without server-side sanitization. When a victim opens the direct message containing the shared prompt, the malicious script executes in their browser session, including administrator sessions.
Affected systems
parisneo/lollms (latest version as of disclosure)
Mitigation
Patch pending per huntr bounty disclosure; sanitize/encode prompt_content before storage and on render until an official fixed version is released.