AML.T0048.003

User Harm

User harms may encompass a variety of harm types including financial and reputational that are directed at or felt by individual victims of the attack rather than at the organization level.

19 CVEs mapped View on MITRE ATLAS →

Severity	CVE	Headline	Package	CVSS
CRITICAL	CVE-2026-1115	lollms: Stored XSS enables wormable account takeover	lollms	9.6
HIGH	GHSA-gqqj-85qm-8qhf	paperclipai: connector trust bypass enables Gmail read/write	paperclipai	8.7
HIGH	CVE-2026-35394	mobile-mcp: intent injection enables device control via AI agent		8.3
HIGH	CVE-2026-44549	open-webui: XSS via XLSX preview enables session hijack	open-webui	7.3
HIGH	CVE-2025-7725	WP Contest Gallery: Stored XSS exposes OpenAI API creds		7.2
MEDIUM	CVE-2024-7044	Open WebUI: Stored XSS via file upload, session hijack	open-webui	6.8
MEDIUM	CVE-2025-7021	OpenAI Operator: fullscreen spoofing captures credentials	operator	6.5
MEDIUM	CVE-2023-27494	Streamlit: reflected XSS enables session hijacking	streamlit	6.1
MEDIUM	CVE-2024-8021	Gradio: open redirect exposes AI demo users to phishing	gradio	6.1
MEDIUM	CVE-2024-4940	Gradio: open redirect enables phishing against ML users	gradio	6.1
MEDIUM	GHSA-q4fm-pjq6-m63g	n8n: Stored XSS in Form Trigger enables phishing	n8n	5.4
MEDIUM	CVE-2024-47872	Gradio: stored XSS via malicious file upload	gradio	5.4
MEDIUM	CVE-2026-40864	JupyterHub: CSRF bypass on spawn and share endpoints	jupyterhub	5.4
MEDIUM	CVE-2026-44550	open-webui: mass assignment enables cross-user folder injection	open-webui	5.0
MEDIUM	CVE-2026-44568	open-webui: XSS in pending overlay enables session hijack	open-webui	4.8
MEDIUM	GHSA-w673-8fjw-457c	n8n: stored XSS enables phishing via Form Node	n8n	4.1
MEDIUM	GHSA-h8r8-wccr-v5f2	DOMPurify: mXSS bypass achieves XSS via parse-context switch		—
HIGH	CVE-2025-47783	Label Studio: XSS enables unauthorized actions via CSRF	label-studio	—
UNKNOWN	CVE-2026-42230	n8n: MCP OAuth open redirect enables phishing	n8n	—