Impact
LibreChat, an enhanced ChatGPT clone, has a stored cross‑site scripting vulnerability in its markdown artifact preview pipeline that arises when the marked library v15.0.12 does not escape double‑quote characters in image alt text, allowing an attacker to craft alt text that injects an arbitrary event handler. When the alt text is rendered in the Sandpack preview iframe, the injected script executes in the victim’s browser. The affected product is LibreChat distributed by danny‑avila. Versions prior to 0.8.4‑rc1 are impacted, with the issue fixed in 0.8.4‑rc1 and later releases. The CVSS score of 5.4 indicates moderate severity, and EPSS data is unavailable. Since the flaw requires a user to view a crafted artifact preview, exploitation is likely a local or social‑engineering scenario rather than a remote attack from an untrusted network. Once the preview is rendered, the injected script runs with the privileges of the logged‑in user, potentially allowing session hijacking or data theft. Overall risk is moderate, but impact can be high if the script runs in privileged contexts.
Affected Systems
The affected product is LibreChat distributed by danny‑avila. Versions prior to 0.8.4‑rc1 are impacted; the issue is fixed in 0.8.4‑rc1 and later releases.
Risk and Exploitability
The reported CVSS score is 5.4, indicating a moderate severity. EPSS data is unavailable, and the vulnerability is not listed in CISA’s KEV catalog. An attacker can exploit the flaw by submitting a crafted markdown artifact that includes malicious alt text; the attack requires a user to view the artifact preview, which is typically a local or social‑engineering scenario rather than a remote exploitation from an untrusted network source. Once the preview is rendered, the injected script executes with the privileges of the logged‑in user, potentially allowing session hijacking or data theft. Given the moderate CVSS score and the lack of automatic exploitation metrics, the overall risk is moderate but the impact can be high if the script runs in privileged contexts.
OpenCVE Enrichment