Impact
The vulnerability is a reflected cross‑site scripting flaw in the SillyTavern application. When a fetch request to an external URL fails, the error handler emits an HTTP 500 response whose body is the raw, attacker‑controlled URL string (req.params.url) concatenated with the error text. Because the URL is not HTML‑escaped before being reflected, an attacker can embed JavaScript in it, and the victim's browser executes that script in the origin of the SillyTavern UI. This amounts to arbitrary script execution on the client side: theft of session cookies, manipulation of the interface, or loading of additional malicious content, compromising the confidentiality and integrity of the user's session.
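To make the defect concrete, the following added example (not SillyTavern's own code) models the flawed error handler beside a hardened version and a small check a reviewer can run over the produced response. The request shape, the `escapeHtml` helper and the sample URL are assumptions constructed for illustration.

```javascript
// Minimal HTML escaper for values reflected into a response body.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Flawed pattern described in the advisory: the raw URL from req.params.url
// is concatenated with the error text and served as HTML with status 500.
function vulnerableErrorResponse(req, err) {
  return {
    status: 500,
    headers: { 'Content-Type': 'text/html; charset=utf-8' },
    body: 'Failed to fetch ' + req.params.url + ': ' + err.message,
  };
}

// Hardened form: escape every reflected value, serve the message as plain
// text, and send nosniff plus a restrictive CSP so the browser will not
// interpret the body as markup even if the content type were wrong.
function hardenedErrorResponse(req, err) {
  return {
    status: 500,
    headers: {
      'Content-Type': 'text/plain; charset=utf-8',
      'X-Content-Type-Options': 'nosniff',
      'Content-Security-Policy': "default-src 'none'",
    },
    body: 'Failed to fetch ' + escapeHtml(req.params.url) +
          ': ' + escapeHtml(err.message),
  };
}

// Review check: true when the body still contains a raw tag opener AND the
// response is declared as HTML, i.e. the reflected input could be rendered.
function reflectsRawMarkup(res) {
  const ctype = res.headers['Content-Type'] || '';
  return /<[a-z!\/]/i.test(res.body) && /html/i.test(ctype);
}

// Constructed sample input: a fetch URL carrying a script tag.
const sampleReq = { params: { url: 'http://example.invalid/<script>alert(1)</script>' } };
const sampleErr = new Error('fetch failed');

console.log(vulnerableErrorResponse(sampleReq, sampleErr).body);
console.log(hardenedErrorResponse(sampleReq, sampleErr).body);
```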
Affected Systems
SillyTavern local UI, version 1.17.x or earlier. The issue was patched in release 1.18.0. Hence all installations running a pre‑1.18.0 build are vulnerable.
Risk and Exploitability
The CVSS v3.1 base score is 6.9, a medium‑severity rating that reflects the need for user interaction. No EPSS score is available, so there is no estimate of current exploitation probability, and the defect is not listed in the CISA KEV catalog, so no widespread exploitation has been confirmed. The flaw can be triggered by anyone who can supply a URL that makes the fetch fail; the attacker only needs to lure a victim into opening a crafted link whose error response the browser then renders. Because the reflected payload executes in the victim's browser, the impact is confined to the client side, but it can be used to exfiltrate sensitive information reachable from the page or to act as the user.
OpenCVE Enrichment
GitHub GHSA