CVE-2026-28445: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in baptisteArno typebot.io
Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the RatingButton component in the embed package renders the user-controlled customIcon.svg field directly via Solid's innerHTML directive without any sanitization, even though DOMPurify is already a dependency and is used elsewhere in the codebase (e.g., StreamingBubble.tsx). Because rating blocks are not flagged as isUnsafe by the import sanitizer and the builder preview renders bots inline on the builder's own origin (builder.typebot.io) under a CSP permitting 'unsafe-inline', a malicious imported or collaborator-crafted typebot can execute arbitrary HTML/JS in the builder's authenticated context, bypassing the Web Worker sandbox that protects Script blocks during preview. This allows session hijacking and privilege escalation within the builder application. This issue has been fixed in version 3.16.0.
AI Analysis
Technical Summary
Typebot.io versions 3.15.2 and earlier contain a cross-site scripting vulnerability (CWE-79) in the RatingButton component of the embed package. This component directly injects user-controlled customIcon.svg content into the DOM using Solid's innerHTML directive without sanitization, even though DOMPurify is available and used elsewhere. Because rating blocks are not marked as unsafe by the import sanitizer and the builder preview runs inline on builder.typebot.io with a Content Security Policy allowing 'unsafe-inline', an attacker can execute arbitrary HTML/JavaScript in the authenticated builder context. This bypasses the Web Worker sandbox that normally protects script blocks during preview, enabling session hijacking and privilege escalation. The vulnerability is resolved in version 3.16.0.
Potential Impact
Successful exploitation allows an attacker to execute arbitrary HTML and JavaScript in the authenticated context of the typebot.io builder application. This can lead to session hijacking and privilege escalation, compromising the security of the builder environment. There is no indication of impact on availability. No known exploits are reported in the wild at this time.
Mitigation Recommendations
This vulnerability has been fixed in typebot.io version 3.16.0. Users and administrators should upgrade to version 3.16.0 or later to remediate this issue. Patch status is not explicitly stated beyond the fix in 3.16.0, so verify with the vendor advisory for the latest remediation guidance.
CVE-2026-28445: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in baptisteArno typebot.io
Description
Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the RatingButton component in the embed package renders the user-controlled customIcon.svg field directly via Solid's innerHTML directive without any sanitization, even though DOMPurify is already a dependency and is used elsewhere in the codebase (e.g., StreamingBubble.tsx). Because rating blocks are not flagged as isUnsafe by the import sanitizer and the builder preview renders bots inline on the builder's own origin (builder.typebot.io) under a CSP permitting 'unsafe-inline', a malicious imported or collaborator-crafted typebot can execute arbitrary HTML/JS in the builder's authenticated context, bypassing the Web Worker sandbox that protects Script blocks during preview. This allows session hijacking and privilege escalation within the builder application. This issue has been fixed in version 3.16.0.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Typebot.io versions 3.15.2 and earlier contain a cross-site scripting vulnerability (CWE-79) in the RatingButton component of the embed package. This component directly injects user-controlled customIcon.svg content into the DOM using Solid's innerHTML directive without sanitization, even though DOMPurify is available and used elsewhere. Because rating blocks are not marked as unsafe by the import sanitizer and the builder preview runs inline on builder.typebot.io with a Content Security Policy allowing 'unsafe-inline', an attacker can execute arbitrary HTML/JavaScript in the authenticated builder context. This bypasses the Web Worker sandbox that normally protects script blocks during preview, enabling session hijacking and privilege escalation. The vulnerability is resolved in version 3.16.0.
Potential Impact
Successful exploitation allows an attacker to execute arbitrary HTML and JavaScript in the authenticated context of the typebot.io builder application. This can lead to session hijacking and privilege escalation, compromising the security of the builder environment. There is no indication of impact on availability. No known exploits are reported in the wild at this time.
Mitigation Recommendations
This vulnerability has been fixed in typebot.io version 3.16.0. Users and administrators should upgrade to version 3.16.0 or later to remediate this issue. Patch status is not explicitly stated beyond the fix in 3.16.0, so verify with the vendor advisory for the latest remediation guidance.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-02-27T15:54:05.140Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a10847be1370fbb481eba60
Added to database: 5/22/2026, 4:29:47 PM
Last enriched: 5/22/2026, 4:44:43 PM
Last updated: 5/22/2026, 6:29:27 PM
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.