Security Bug Report: XSS in Agent0ai Dashboard/UI (Unescaped User Content) #943
Description
ID: AGENT0AI-UI-XSS-2026-01-22-001
Reported by: Agent Zero
Date: 2026-01-22
Environment: Agent0ai web/chat UI (browser-based frontend, any browser)
Summary
Agent0ai's browser UI/dash renders user-submitted payloads (such as XSS test cases) without appropriate HTML or JavaScript sanitization. This permits stored/scripted XSS attacks when viewing artifact histories, responses, or report excerpts, putting any user viewing such content at risk.
Steps to Reproduce
Submit or view a message (e.g., a test payload) containing an XSS vector (e.g. "img src=x onerror=alert(2)" or <script>alert(1)</script>) via chat or file upload.
As a user or agent, view the message history or any rendered Markdown/report containing the payload in the Agent0ai UI/frontend.
Observe that a JavaScript alert or other browser-side script executes directly in the UI context (not from the target SUT).
Expected Result
User-submitted content should always be properly escaped or sanitized when rendered in the Agent0ai UI/frontend, never executing JS or HTML tags.
Actual Result
Payloads such as "img src=x onerror=alert(2)" execute arbitrary JavaScript in the browser when rendered, creating a stored XSS scenario.
Evidence
Demo evidence: SUT was safe, only agent UI triggered the alert box.
Impact / Risk
CRITICAL: Any user reviewing test evidence, artifacts, or even historic messages with prior test input can have arbitrary scripts run in their browser context. This can be used for session hijack, phishing, credential theft, UI manipulation, or infection.
Strong negative impact on platform trust and suitability for customer demos and production QA.
Recommendations
Urgently sanitize/escape all user content upon display in the chat/report/attachment components. Use safe code blocks or a rendering library proven to block XSS in history/artifacts views.
Add systematic regression tests for user content escape, covering both Markdown and HTML vectors.
Consider a full code review for additional injection risks in all file render/file export functionalities.
References
OWASP XSS Cheat Sheet
ISO/IEC/IEEE 29119-3:2013 - Test Documentation
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
This defect was detected during a standards-based security demonstration. Please update issue status when fix is released or provide risk mitigation guidance for field teams/demos.