Description

A DOM-based Cross-Site Scripting (XSS) vulnerability exists in the text editor feature of the Onlook web application 0.2.32. This vulnerability occurs because user-supplied input is not properly sanitized before being directly injected into the DOM via innerHTML when editing a text element. An attacker can exploit this to inject malicious HTML and script code, which is then executed within the context of the preview iframe, allowing for the execution of arbitrary scripts in the user's session.

INFO

Published Date :

2025-11-07T00:00:00.000Z

Last Modified :

2025-11-07T16:33:57.050Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-63785 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-63785.

URL Resource
https://blog.soohyun.tech/CVE-2025-63785-DOM-XSS-in-Onlook-27e557175d2e80e1b210c75b77952115 cve-icon cve-icon
https://tossbank.notion.site/DOM-XSS-in-onlook-27e557175d2e80e1b210c75b77952115 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System