CVE-2026-7299: Appsmith SQL Editor Stored XSS via Database Object Names
Appsmith, a low-code application development platform, contains a stored cross-site scripting (XSS) vulnerability in its SQL query editor. An authenticated developer can craft malicious database object names (table or column names) that, when rendered by the autocomplete feature, inject and execute arbitrary JavaScript in the browsers of other workspace members. This is a *persistence* risk—the malicious payload lives in the database schema itself and activates whenever a colleague accesses the same data source, potentially compromising their sessions and Appsmith workspace access.
Source data · NVD / CISA · public domain
- CVSS
- 3.1 · 6.3 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N
- Weaknesses (CWE)
- CWE-79
- Affected products
- 1 configuration(s)
- Published / Modified
- 2026-06-02 / 2026-06-17
NVD description (verbatim)
Appsmith’s SQL query editor’s autocomplete functionality fails to sanitize database object names before rendering them in innerHTML, allowing an authenticated Developer to inject persistent XSS by a malicious table or column names triggering arbitrary code execution in the sessions of other workspace members when they interact with the same datasource.
7 reference(s) · View on NVD →
SEC.co analysis · AI-assisted, reviewed against source
Technical summary
The vulnerability stems from improper input sanitization in the SQL editor's autocomplete functionality. Database object names are inserted directly into the DOM via innerHTML without escaping HTML entities or validating content. An attacker with Developer role permissions can create or modify table or column names containing JavaScript payloads. When another workspace member interacts with the autocomplete dropdown for that datasource, the payload executes in their browser context with their privileges. The attack requires prior access to create or modify database schema (either direct DB access or Appsmith developer permissions) and user interaction (viewing autocomplete suggestions), but the persistence aspect amplifies impact across the workspace.
Business impact
Compromised developer sessions could allow attackers to exfiltrate sensitive data, modify application logic, alter datasource credentials, or pivot to other workspace projects. In shared development environments, a single malicious schema change can affect multiple team members. Since Appsmith is often used to expose backend databases through low-code interfaces, session hijacking could provide indirect access to production data. The reputational risk of stored XSS in a development platform is significant, as it undermines trust in the integrity of workspace collaboration.
Affected systems
Appsmith versions prior to the patched release are affected. Vulnerability requires Developer role or higher within an Appsmith workspace and assumes the ability to modify database schema or datasource configuration. Teams using Appsmith with untrusted or adversarial developers, shared workspaces with insufficient access controls, or direct database write access from Appsmith should prioritize investigation.
Exploitability
Exploitation requires authenticated access (Developer role minimum) and assumes the attacker can influence database schema—either by controlling the underlying database or by having write permissions within Appsmith's datasource configuration. The attack is reliable once the malicious schema is in place; any colleague viewing the autocomplete dropdown will trigger execution. However, the barrier to entry (authentication + schema modification capability) prevents mass exploitation. The reliance on user interaction (opening autocomplete) slightly reduces the attack surface compared to passive delivery, but is not a strong control.
Remediation
Appsmith has patched this vulnerability by sanitizing database object names before rendering them in the DOM. Users should upgrade to the patched version (verify the specific version number in Appsmith's security advisory). As an interim control, restrict Developer role permissions in shared workspaces to only trusted individuals, and implement database schema auditing to detect unauthorized or suspicious object names. Consider using read-only datasources where possible to limit the attack surface.
Patch guidance
Check Appsmith's official security advisory and release notes for the patched version number and upgrade timeline. The fix involves escaping or sanitizing HTML content before insertion into the DOM, likely by replacing innerHTML with textContent or using a templating engine that auto-escapes. After patching, verify that the SQL editor's autocomplete no longer renders unescaped object names. Test with a sample malicious table name to confirm the fix is in place. Note: verify the exact patch version against the vendor advisory, as version numbers are not provided in this report.
Detection guidance
Monitor for HTTP requests to Appsmith containing unusual characters (script tags, event handlers, quotes) in datasource or query parameters, particularly during database introspection or schema discovery operations. Log all schema modifications and correlate them with user accounts—look for tables or columns with names containing '<', '>', 'javascript:', or event handler syntax. In the browser, inspect the DOM for rendered object names that contain unescaped HTML; legitimate names should not contain these patterns. If Appsmith provides query logs, search for unusual autocomplete interactions or exceptions during rendering.
Why prioritize this
Scored MEDIUM (6.3 CVSS) due to the requirement for authentication and user interaction, but the *persistent* nature of the attack and the potential for lateral compromise within a workspace elevate concern. Unlike reflected XSS, this threat lives in your data and re-triggers for multiple users. Development teams are high-value targets for attackers seeking to compromise downstream applications. Prioritize patching in environments where multiple developers share Appsmith workspaces or where external consultants have access. If you operate Appsmith in air-gapped or non-production environments, this is lower urgency.
Risk score, explained
CVSS 3.1 score of 6.3 reflects: Network attack vector (AV:N—Appsmith is typically web-hosted), Low attack complexity (AC:L—no special conditions needed to inject malicious names), Low privileges required (PR:L—Developer role is a standard low-code role), but User interaction required (UI:R—autocomplete must be triggered). Confidentiality impact is High (C:H—session hijacking can expose workspace data and credentials), Integrity impact is Low (I:L—the direct payload effect is XSS, not schema modification), and Availability impact is None (A:N). The MEDIUM severity appropriately balances the authentication barrier against the persistence risk.
Frequently asked questions
Does this affect Appsmith end-users who only view published apps, not developers?
No. The vulnerability requires Developer role or higher to modify database schema. End-users of published Appsmith applications are not at risk unless they are also developers within the same workspace with access to the SQL editor.
Can an attacker exploit this without any Appsmith credentials?
No. The attacker must first authenticate to Appsmith with Developer-level access or higher, or have direct write access to the underlying database. This is not a zero-auth vulnerability.
If we patch Appsmith, do we need to clean up existing malicious schema names?
Yes. Patching stops *new* injections, but any malicious object names already created in the database will persist. After patching, audit your database for suspicious table or column names and rename or remove them. The patch will render them safely, but they should be removed for hygiene.
How does this differ from a regular stored XSS in a web application?
The payload is stored in the database schema itself (table and column names) rather than in application data. This means it is decentralized and harder to quarantine—it persists across sessions and affects multiple users whenever they interact with that datasource, making it a particularly insidious form of stored XSS.
This analysis is provided for informational purposes and reflects the state of information as of the publication date. Patch version numbers and specific vendor remediation steps should be verified against Appsmith's official security advisory. Exploitation in production environments is not condoned. Organizations should verify compatibility and perform testing before deploying patches to critical systems. SEC.co makes no warranty regarding the completeness or accuracy of third-party vendor guidance. Source: NVD (public-domain), retrieved 2026-07-07. Analysis generated by SEC.co (claude-haiku-4-5).
Related vulnerabilities
- CVE-2018-25384MEDIUMStored XSS in Wikidforum 2.20 Allows Authenticated Attackers to Inject Malicious Scripts
- CVE-2019-25731MEDIUMStored XSS in Zuz Music 2.1 Contact Form
- CVE-2019-25737MEDIUMStored XSS in Live Chat Unlimited 2.8.3 – Admin Session Compromise
- CVE-2019-25739MEDIUMGigToDo 1.3 Stored XSS Vulnerability in Proposal Descriptions
- CVE-2019-25742MEDIUMStored XSS in Zoner Real Estate WordPress Theme 4.1.1 – Admin Account Compromise Risk
- CVE-2019-25743MEDIUMWordPress Soliloquy Lite 2.5.6 Stored XSS Vulnerability
- CVE-2019-25744MEDIUMWordPress Popup Builder 3.49 Stored XSS Vulnerability – Exploit Prevention & Patch Guide
- CVE-2025-14042MEDIUMStored XSS in Automotive Car Dealership Business WordPress Theme 13.4.1