GHSA-53rg-46cm-4g2vMediumCVSS 6.1
Crawl4AI before 0.8.7 contains a stored cross-site scripting vulnerability in the monitor...
🔗 CVE IDs covered (1)
📋 Description
Crawl4AI before 0.8.7 contains a stored cross-site scripting vulnerability in the monitor dashboard that renders crawl URLs and error messages via innerHTML without escaping. An attacker can submit a crafted crawl request with malicious markup that executes in an operator's browser when viewing the dashboard.
🔗 References (5)
- https://github.com/unclecode/crawl4ai/security/advisories/GHSA-365w-hqf6-vxfg
- https://nvd.nist.gov/vuln/detail/CVE-2026-56263
- https://github.com/unclecode/crawl4ai
- https://www.vulncheck.com/advisories/crawl4ai-stored-cross-site-scripting-in-monitor-dashboard
- https://github.com/advisories/GHSA-53rg-46cm-4g2v