5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe HTML rendering permits untrusted HTML (including on* event attributes) to execute in the renderer context. An attacker can inject an <img onerror=...> payload to run arbitrary JavaScript in the renderer, which can call exposed bridge APIs such as window.bridge.mcpServersManager.createServer. This enables unauthorized creation of MCP servers and lead to remote command execution. Version 0.15.3 fixes the issue.
Exploitability
AV:NAC:LPR:NUI:RScope
S:CImpact
C:HI:HA:H9.7/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:HInput Validation