Insecure Output Handling: Exploiting XSS in LLM Applications (Part 1) Cross Site Scripting (XSS) is one of the most well understood vulnerabilities in web applications. The root cause is simple …

InfoSecWriteUps' platform is  dedicated to providing insights and resources for cybersecurity professionals and enthusiasts. Through articles, tutorials, and security research, InfoSecWriteUps offers insights into cybersecurity vulnerabilities, attack techniques, and defense strategies. Readers can learn about penetration testing, threat intelligence, and incident response to enhance their cybersecurity knowledge and skills.

InfoSec Write-ups

LLM-powered applications reintroduce XSS vulnerabilities through insecure output handling (OWASP LLM05). When model output is inserted into the DOM without encoding, attackers can craft prompts that cause the LLM to generate malicious HTML or script tags, bypassing input sanitization. Two attack scenarios are covered: reflected XSS where the payload executes immediately via a chatbot response, and stored XSS where a payload submitted as a testimonial is later retrieved through the LLM and rendered as active HTML for other users. Both scenarios demonstrate cookie exfiltration via externally hosted JavaScript. The root cause is an inconsistent trust model — applications sanitize user input but implicitly trust LLM output.

Insecure Output Handling: Exploiting XSS in LLM Applications (Part 1)

Get Irem Bezci ’s stories in your inbox