
Josephdourden

#46744 of 53,630
5.4 Total CVSS
Vulnerabilities · 1
PT-2026-39263
5.4
2026-05-08
Unknown · Mcp Registry · CVE-2026-44429
**Name of the Vulnerable Software and Affected Versions**

MCP Registry versions prior to 1.7.7

**Description**

The public catalogue UI served at the `GET /` endpoint is subject to stored cross-site scripting via the `server.websiteUrl` field of published `server.json` files. The server-side validation function `validateWebsiteURL()` in `internal/validators/validators.go` fails to reject quote characters: it only verifies that the URL is absolute, parses correctly, and uses the HTTPS scheme. On the client side, the value is inserted into a double-quoted `href` attribute using `innerHTML` and a custom `escapeHtml()` helper. Because this helper does not encode double quotes, an attacker can break out of the attribute and append arbitrary event handlers. The existing Content-Security-Policy allows `unsafe-inline` scripts, so those handlers execute. Any user capable of obtaining a publish token via `POST /v0/auth/github-at` or `POST /v0/auth/none` can plant a malicious record that is visible to every visitor of the registry homepage.

**Recommendations**

Update to version 1.7.7. As a temporary workaround, restrict the `server.websiteUrl` value in published `server.json` files so that it does not contain quote characters.
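The following is an added illustration, not code from the MCP Registry: a constructed `escapeHtmlIncomplete()` that omits the double quote (the class of bug described above), a complete `escapeHtmlComplete()`, and a `websiteUrlIsSafe()` check that rejects quote characters in addition to requiring an absolute HTTPS URL. `renderLink()` and `attributeNames()` are hypothetical helpers used only to show how a quote in the value changes the number of attributes on the rendered anchor.

```javascript
// Added example (not the project's own code). Escapes &, < and > but not
// quotes, so a value placed inside href="..." can terminate the attribute.
function escapeHtmlIncomplete(s) {
  return String(s).replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
}

// Complete attribute-safe escaping: also encodes " and '.
function escapeHtmlComplete(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, c => map[c]);
}

// Server-side style validation: absolute, parseable, HTTPS, and no characters
// that are meaningful inside an HTML attribute. Note that URL parsing alone
// accepts quotes (it percent-encodes them in the path), so the explicit
// character check is what closes the gap.
function websiteUrlIsSafe(raw) {
  let u;
  try { u = new URL(raw); } catch { return false; }
  if (u.protocol !== 'https:') return false;
  if (/["'<>]/.test(raw)) return false;
  return true;
}

// Builds the anchor the way an innerHTML-based catalogue might, using the
// supplied escaping function (hypothetical markup shape).
function renderLink(websiteUrl, escapeFn) {
  const v = escapeFn(websiteUrl);
  return `<a href="${v}" rel="noopener">${v}</a>`;
}

// Lists the attribute names of the opening <a> tag, so a breakout shows up
// as an extra attribute that the template never declared.
function attributeNames(html) {
  const tag = html.match(/^<a\s([^>]*)>/);
  if (!tag) return [];
  return Array.from(tag[1].matchAll(/([A-Za-z-]+)="[^"]*"/g), m => m[1]);
}

// Constructed sample value: a valid-looking HTTPS URL carrying a double quote.
const SAMPLE_URL = 'https://example.com/" title="injected';
```

In a browser the safer rendering path is to validate the value and then set it with `a.setAttribute('href', url)` rather than building markup strings for `innerHTML`.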