PT-2025-45471 · Onelook · Onlook

Published: 2025-11-07 · Updated: 2025-11-07
CVE: CVE-2025-63785
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Onlook version 0.2.32
Description: A DOM-based Cross-Site Scripting (XSS) vulnerability exists in the text editor feature. When a text element is edited, the user-supplied text is assigned to the element's innerHTML without sanitization or escaping, so any HTML markup it contains is parsed as markup rather than treated as text. An attacker who can get such input into the edited text can inject HTML and script that executes in the context of the preview iframe, allowing arbitrary script execution in the user's session.
Recommendations: Update to a version that contains a fix for this vulnerability.
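The pattern the advisory describes, and the fix it implies, as an added example that is not Onlook's code. The vulnerable path assigns user text to innerHTML; the hardened path assigns it to textContent so the browser creates a text node instead of parsing tags. FakeElement is an assumed stand-in for the preview iframe's element so the example runs in Node without a browser, and PAYLOAD is a constructed input of the general kind described, not an exploit taken from the page.

```javascript
// Added example (not Onlook's code): DOM XSS via innerHTML in a "set element
// text" path, beside the textContent-based fix. Runs in Node via a tiny
// stand-in for a DOM element.

// Escape the characters that matter in HTML text and attribute context.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Assumed stand-in for an element in the preview iframe's document. It models
// only the behaviour that matters here: innerHTML keeps markup as markup, and
// textContent creates a text node that serializes with its metacharacters
// escaped. (Real browsers escape only & < > when serializing text nodes; this
// stand-in also escapes quotes, which is stricter but harmless for the demo.)
class FakeElement {
  constructor() { this.html = ''; }
  set innerHTML(v) { this.html = String(v); }
  get innerHTML() { return this.html; }
  set textContent(v) { this.html = escapeHtml(v); }
}

// Vulnerable pattern from the advisory: user text goes straight into
// innerHTML, so '<' and '>' in the text are parsed as tags.
function setTextVulnerable(el, userText) {
  el.innerHTML = userText;
  return el.innerHTML;
}

// Hardened pattern: treat the input as text, never as markup.
function setTextSafe(el, userText) {
  el.textContent = userText;
  return el.innerHTML;
}

// Crude detector used only for this demonstration: does the resulting markup
// contain a real tag that is script-capable, or a tag carrying an inline
// event-handler attribute? Escaped text never contains a '<', so it never
// matches.
function hasActiveMarkup(html) {
  return /<\s*(script|img|svg|iframe|object|embed)\b/i.test(html)
      || /<[a-z][^>]*\bon[a-z]+\s*=/i.test(html);
}

// Constructed payload of the general kind the advisory describes; it is not a
// payload taken from the page or from any exploit.
const PAYLOAD = '<img src=x onerror="alert(document.domain)">';

function demo() {
  const vuln = setTextVulnerable(new FakeElement(), PAYLOAD);
  const safe = setTextSafe(new FakeElement(), PAYLOAD);
  return {
    vuln,                                 // markup survives: the handler would fire in a browser
    safe,                                 // '&lt;img ...&gt;': rendered as literal text
    vulnActive: hasActiveMarkup(vuln),    // true
    safeActive: hasActiveMarkup(safe),    // false
  };
}

const result = demo();
console.log('vulnerable innerHTML :', result.vuln, '| active:', result.vulnActive);
console.log('hardened innerHTML   :', result.safe, '| active:', result.safeActive);
```

In a real page the stand-in is replaced by the element obtained from the iframe's document. If the editor genuinely needs to accept HTML rather than plain text, escaping is the wrong tool; run the input through an HTML sanitizer before assigning it, and consider a `sandbox` attribute on the preview iframe so that a bypass cannot run script with the parent page's privileges.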

References: Exploit · Fix

Tags: Improper Encoding or Escaping of Output · XSS · RCE

Weakness Enumeration: Improper Encoding or Escaping of Output (CWE-116)

Related Identifiers: CVE-2025-63785

Affected Products: Onlook