CVE-2026-55659: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in gristlabs grist-core
A cross-site scripting (XSS) vulnerability exists in gristlabs grist-core prior to version 1.7.15. Several server-rendered pages embed user-controlled input without proper escaping, including document names, descriptions, and an OAuth2 parameter. Exploitation allows injected scripts to run in the victim's Grist origin, potentially enabling escalation from document editor to owner-level access. This vulnerability is fixed in version 1.7.15.
AI Analysis
Technical Summary
Grist-core versions before 1.7.15 improperly neutralize user input during web page generation, leading to a reflected and stored cross-site scripting (CWE-79) vulnerability. User-controlled values such as document names, descriptions, and the OAuth2 openerOrigin parameter are embedded into pages and inline scripts without full escaping. This allows an attacker with document editor privileges to inject scripts that execute in the context of other users' authenticated sessions, enabling reading/modifying data and changing sharing/access settings, effectively escalating privileges to owner level. The issue is resolved in version 1.7.15.
Potential Impact
Successful exploitation allows an attacker with document editor access to execute arbitrary scripts in the context of other users' sessions. This can lead to unauthorized data access or modification and privilege escalation to owner-level permissions within the affected Grist document. The vulnerability does not impact availability but compromises confidentiality and integrity.
Mitigation Recommendations
Upgrade to grist-core version 1.7.15 or later, where this vulnerability is fixed. No other mitigation or temporary workaround is documented. Patch status is confirmed by the vendor advisory stating the fix in 1.7.15.
CVE-2026-55659: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in gristlabs grist-core
Description
A cross-site scripting (XSS) vulnerability exists in gristlabs grist-core prior to version 1.7.15. Several server-rendered pages embed user-controlled input without proper escaping, including document names, descriptions, and an OAuth2 parameter. Exploitation allows injected scripts to run in the victim's Grist origin, potentially enabling escalation from document editor to owner-level access. This vulnerability is fixed in version 1.7.15.
CVSS v3.1
Score 7.7high
Affected software
pkg:github/gristlabs/grist-coreRun on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Grist-core versions before 1.7.15 improperly neutralize user input during web page generation, leading to a reflected and stored cross-site scripting (CWE-79) vulnerability. User-controlled values such as document names, descriptions, and the OAuth2 openerOrigin parameter are embedded into pages and inline scripts without full escaping. This allows an attacker with document editor privileges to inject scripts that execute in the context of other users' authenticated sessions, enabling reading/modifying data and changing sharing/access settings, effectively escalating privileges to owner level. The issue is resolved in version 1.7.15.
Potential Impact
Successful exploitation allows an attacker with document editor access to execute arbitrary scripts in the context of other users' sessions. This can lead to unauthorized data access or modification and privilege escalation to owner-level permissions within the affected Grist document. The vulnerability does not impact availability but compromises confidentiality and integrity.
Mitigation Recommendations
Upgrade to grist-core version 1.7.15 or later, where this vulnerability is fixed. No other mitigation or temporary workaround is documented. Patch status is confirmed by the vendor advisory stating the fix in 1.7.15.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-06-17T00:05:03.777Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a515e2368715ace43325a08
Added to database: 07/10/2026, 21:03:31 UTC
Last enriched: 07/10/2026, 21:17:45 UTC
Last updated: 07/11/2026, 02:04:27 UTC
Views: 7
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.