js · appium-mcp · Critical

appium-mcp: Stored/Reflected XSS in createLocatorGeneratorUI

20 Jun 2026 · Read 1 min · Severity: act now

What changed

The `createLocatorGeneratorUI` function in `src/ui/mcp-ui-utils.ts` interpolates attacker-controlled element attributes (`text`, `content-desc`, `resource-id`, and locator selector values) directly into an HTML template literal without HTML or JavaScript context escaping, leading to stored/reflected XSS.

Who it affects

Any developer who uses `appium-mcp` with an MCP client that renders HTML resources (e.g., VS Code with the Appium MCP extension) and inspects elements from an attacker-controlled application.

What to do today

Apply HTML-escaping to all element properties in the HTML context and use `JSON.stringify` for values embedded inside JavaScript string literals in `onclick` handlers.
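The two encodings recommended above, as an added example that is not the appium-mcp source: `escapeHtml`, `jsStringInAttr`, both render functions and the `copySelector` handler are hypothetical names, and the sample element is constructed. The `JSON.stringify` output is HTML-escaped as well, because the browser decodes an `onclick` attribute value before running it as script.

```javascript
// Added example: hypothetical helpers, not code from appium-mcp.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode a value for HTML text or a quoted HTML attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Encode a value as a JavaScript string literal that sits inside an HTML
// attribute. JSON.stringify covers the JS string context; escapeHtml then
// covers the enclosing attribute context.
function jsStringInAttr(value) {
  return escapeHtml(JSON.stringify(String(value)));
}

// The pattern the advisory describes: values interpolated without encoding.
function renderElementRowUnsafe(el) {
  return `<div title="${el['resource-id']}"><span>${el.text}</span>` +
    `<button onclick="copySelector('${el.selector}')">Copy</button></div>`;
}

// Hardened form: every value is encoded for the context it lands in.
function renderElementRow(el) {
  return `<div title="${escapeHtml(el['resource-id'])}">` +
    `<span>${escapeHtml(el.text)}</span>` +
    `<span>${escapeHtml(el['content-desc'])}</span>` +
    `<button onclick="copySelector(${jsStringInAttr(el.selector)})">Copy</button>` +
    `</div>`;
}

// Constructed sample: element attributes containing markup and quote characters.
const sample = {
  text: 'Tom & "Jerry" <b>bold</b>',
  'content-desc': "it's <i>here</i>",
  'resource-id': 'com.example:id/"ok"',
  selector: '//*[@text="a\'b"]',
};

console.log(renderElementRowUnsafe(sample)); // markup and quotes pass through
console.log(renderElementRow(sample));       // markup and quotes are inert
```
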
