Stored XSS Vulnerability Report – mcp-context-forge

Moderate
brian-hussey published GHSA-x6gc-rm5j-55mw Jun 15, 2026

Package

mcp-context-forge-ui

Affected versions

0.2.0

Patched versions

0.3.1

Description

Summary

A Stored Cross-Site Scripting (XSS) vulnerability exists in the mcp-context-forge project. It allows an attacker to persistently inject JavaScript payloads into the MCP Admin UI via the Global Prompts feature. When a user views the template, the JavaScript executes in the browser context, enabling full UI compromise, phishing, potential keystroke logging, or fake login overlays.

PoC

  1. After logging in, go to the "Global Prompts" feature.
  2. Open "Add new prompt".
  3. Enter any name and description.
  4. In the Template section, add the code below to prove that it is vulnerable to stored XSS.

To identify the XSS, the following input can be used in the Template section:

<img src=x onerror="alert('XSS Executed')">

For UI defacement, the following input can be used:

<img src=x onerror="document.body.innerHTML='<h1 style=color:red;text-align:center;margin-top:20%>🔥 This MCP Gateway is Compromised 🔥</h1><p style=text-align:center>Reported by DevSec Hacker</p>';">

(Video attachment: Screen.Recording.2025-07-07.at.4.47.33.PM.mov)

  5. Then click on the "Add Prompt" button.
  6. Go to the available prompts.
  7. Click on the "View" button for the prompt that was saved.
  8. BOOM!!! It will work.

(Video attachment: Screen.Recording.2025-07-07.at.5.14.10.PM.mov)
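As an added example (not code from the mcp-context-forge project), the unescaped rendering path the advisory describes next to an escaped one, using the PoC's identification payload as constructed stored input; the `<pre>` wrapper, the function names and the innerHTML assignment are assumptions about how the Admin UI renders a template:

```javascript
// Added example, not mcp-context-forge code. Shows why a stored prompt template
// must be HTML-escaped before the Admin UI places it in the page.

// Constructed sample: the identification payload from the PoC, as stored.
const STORED_TEMPLATE = '<img src=x onerror="alert(\'XSS Executed\')">';

// Escape every HTML-significant character. '&' is handled first so the
// entities produced by the later replacements are not double-encoded.
function escapeHtml(str) {
  return String(str)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Vulnerable pattern (assumed): the template is interpolated into markup and
// later assigned to innerHTML, so the parser creates the <img> element and its
// onerror handler runs as soon as the bogus src fails to load.
function renderTemplateUnsafe(template) {
  return `<pre class="prompt-template">${template}</pre>`;
}

// Hardened pattern: escape before interpolation, so the template is shown as
// literal text. In the browser the equivalent fix is `el.textContent = template`
// instead of `el.innerHTML = ...`.
function renderTemplateSafe(template) {
  return `<pre class="prompt-template">${escapeHtml(template)}</pre>`;
}

// Small check a reviewer can run over rendered output: after removing the
// known wrapper, does any tag start survive? Escaped text contains no '<'.
function bodyContainsTag(html) {
  const inner = html.replace(/^<pre class="prompt-template">|<\/pre>$/g, '');
  return /<\/?[a-z]/i.test(inner);
}

console.log(bodyContainsTag(renderTemplateUnsafe(STORED_TEMPLATE))); // true
console.log(bodyContainsTag(renderTemplateSafe(STORED_TEMPLATE)));   // false
```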

Impact

JavaScript execution in the context of the Admin UI
Full UI defacement or phishing attacks
Potential keystroke logging or fake login overlays

Severity

Moderate

CVE ID

CVE-2026-53711

Weaknesses

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Credits