You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
brian-hussey
published
GHSA-x6gc-rm5j-55mwJun 15, 2026
Package
mcp-context-forge-ui
Affected versions
0.2.0
Patched versions
0.3.1
Description
Summary
A Stored Cross-Site Scripting (XSS) vulnerability exists in the mcp-context-forge project. The issue allows an attacker to persistently inject JavaScript payloads into the MCP Admin UI via Global Prompts feature. When a user views the template, the JavaScript executes in the browser context, enabling full UI compromise, phishing, or Potential keystroke logging or fake login overlays.
PoC
After login go to "Global Prompts" feature.
Then look at the Add new prompt.
Add name and description as you want.
In the Template section add this below code to prove that it is vulnerable to stored xss.
for identification of XSS you can use below input in template section
<img src=x onerror="alert('XSS Executed')">
For UI defacement you can use below input
<img src=x onerror="document.body.innerHTML='<h1 style=color:red;text-align:center;margin-top:20%>🔥 This MCP Gateway is Compromised 🔥</h1><p style=text-align:center>Reported by DevSec Hacker</p>';">
Screen.Recording.2025-07-07.at.4.47.33.PM.mov
Then click on Add Prompt button
Go to available prompts
click on view button for this prompt that we saved.
BOOM!!!
it will work.
Screen.Recording.2025-07-07.at.5.14.10.PM.mov
Impact
JavaScript execution in the context of the Admin UI
Full UI defacement or phishing attacks
Potential keystroke logging or fake login overlays
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Learn more on MITRE.
Summary
A Stored Cross-Site Scripting (XSS) vulnerability exists in the mcp-context-forge project. The issue allows an attacker to persistently inject JavaScript payloads into the MCP Admin UI via Global Prompts feature. When a user views the template, the JavaScript executes in the browser context, enabling full UI compromise, phishing, or Potential keystroke logging or fake login overlays.
PoC
for identification of XSS you can use below input in template section
<img src=x onerror="alert('XSS Executed')">For UI defacement you can use below input
<img src=x onerror="document.body.innerHTML='<h1 style=color:red;text-align:center;margin-top:20%>🔥 This MCP Gateway is Compromised 🔥</h1><p style=text-align:center>Reported by DevSec Hacker</p>';">Screen.Recording.2025-07-07.at.4.47.33.PM.mov
Screen.Recording.2025-07-07.at.5.14.10.PM.mov
Impact
JavaScript execution in the context of the Admin UI
Full UI defacement or phishing attacks
Potential keystroke logging or fake login overlays