Discussion

Sergio Medeiros

Vulnerability Operations @ Synack. InfoSec's Village Idiot. Documenting my journey of pivoting out of a decade long sales career to breaking

Sep 20, 2025

CVE-2025-57203: Stored XSS in MagicAI 9.1 (AI Chat) Enables Arbitrary JavaScript Execution

Discovered by: Michael Kim & Sergio MedeirosVendor: LiquidThemesProduct: MagicAI (a.k.a. MagicProject AI)Affected version: 9.1 (other versions untested)Impact: Arbitrary JavaScript execution in users’ browsers (stored XSS)Attack type: Authenticated r...

Search Hashnode

CVE-2025-57203: Stored XSS in MagicAI 9.1 (AI Chat) Enables Arbitrary JavaScript Execution

Responses