Description
DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and agents. Prior to v1.0.4-beta.1, a Cross-Site Scripting (XSS) vulnerability exists due to a discrepancy between the backend validation layer and the frontend browser rendering engine. The SVGSanitizer (src/main/lib/svgSanitizer.ts) restricts script execution by scrubbing javascript: protocols using plain-text regular expressions. However, it fails to account for HTML entity decoding prior to Vue's v-html DOM insertion inside the SvgArtifact.vue component. By feeding an SVG artifact with obfuscated entities (e.g., javascript:alert(1)), an attacker can completely bypass the sanitizer, culminating in arbitrary JavaScript execution when a victim interacts with the rendered SVG Element. This vulnerability is fixed in v1.0.4-beta.1.
Published: 2026-05-11
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A persistent DOM XSS flaw exists in DeepChat versions before v1.0.4‑beta.1. The backend sanitizes SVG content by removing script execution patterns from plain text, but it does not account for HTML entity decoding that occurs before Vue’s v‑html rendering. An attacker can embed a malicious payload as an encoded entity (for example, j&#x61;vascript:alert(1)) inside an SVG artifact. When the victim views the artifact, the entity is decoded, the SVG sanitizer is bypassed, and the embedded JavaScript runs with the victim’s browser permissions. The impact includes arbitrary client‑side code execution, which can lead to data theft, session hijacking, or phishing attacks on the user. The vulnerability is limited to the victim’s browser; it does not provide a remote code execution command on the server. Because the exploit requires the victim to view a crafted SVG, the attack surface is narrow but still high risk for users who share or view SVG artifacts. The flaw is persistent – once the malicious SVG is delivered or stored, the XSS will trigger on every subsequent View. Given the CVSS score of 9.3, this is a high‑severity vulnerability. The EPSS score is unavailable, so the exploitation probability is uncertain; however, there is no indication that it has been actively exploited in the wild. The vulnerability is not currently listed in the CISA KEV catalog.

Affected Systems

ThinkInAIXYZ:deepchat, all releases before v1.0.4‑beta.1. The issue resides in the svgsanitizer.ts library and the SvgArtifact.vue component that renders SVG artifacts using v‑html.

Risk and Exploitability

The flaw can be exploited by a malicious actor who controls the content of an SVG artifact that a user will view. Because the attack relies on client‑side code execution, a privileged user can take over the victim’s session or steal data locally. The lack of an EPSS score and absence from KEV suggests no widespread exploitation yet, but the high CVSS indicates that once discovered, the vulnerability could be widely abused. An attacker needs only to craft the SVG and ensure it reaches the target; no additional privileges or vulnerabilities are required.

Generated by OpenCVE AI on May 11, 2026 at 23:38 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade DeepChat to v1.0.4‑beta.1 or later, which fixes the SVG sanitizer bug
  • If upgrading immediately is not possible, refuse or strip SVG artifacts from user uploads until a safe rendering method is applied
  • Implement additional client‑side validation that removes or blocks JavaScript protocols in SVG content before Vue renders it
  • If you must render SVGs, replace the v‑html binding with a secure rendering library that enforces proper sanitization

Generated by OpenCVE AI on May 11, 2026 at 23:38 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 12 May 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 12 May 2026 09:15:00 +0000

Type Values Removed Values Added
First Time appeared Thinkinai
Thinkinai deepchat
Vendors & Products Thinkinai
Thinkinai deepchat

Mon, 11 May 2026 22:30:00 +0000

Type Values Removed Values Added
Description DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and agents. Prior to v1.0.4-beta.1, a Cross-Site Scripting (XSS) vulnerability exists due to a discrepancy between the backend validation layer and the frontend browser rendering engine. The SVGSanitizer (src/main/lib/svgSanitizer.ts) restricts script execution by scrubbing javascript: protocols using plain-text regular expressions. However, it fails to account for HTML entity decoding prior to Vue's v-html DOM insertion inside the SvgArtifact.vue component. By feeding an SVG artifact with obfuscated entities (e.g., j&#x61;vascript:alert(1)), an attacker can completely bypass the sanitizer, culminating in arbitrary JavaScript execution when a victim interacts with the rendered SVG Element. This vulnerability is fixed in v1.0.4-beta.1.
Title DeepChat: Persistent DOM XSS via HTML Entity Encoding in `<antArtifact>` SVG Rendering (Bypass of `svgSanitizer.ts`)
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 9.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N'}

Subscriptions

Thinkinai Deepchat
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-12T13:18:37.241Z

Reserved: 2026-05-04T16:11:33.085Z

Link: CVE-2026-43900

cve-icon Vulnrichment

Updated: 2026-05-12T13:18:29.407Z

cve-icon NVD

Status : Deferred

Published: 2026-05-11T23:20:21.557

Modified: 2026-05-12T14:50:18.527

Link: CVE-2026-43900

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-12T09:00:06Z

Weaknesses