Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.96, a Critical Stored XSS vulnerability exists in the Table Widget (Tab…

Critical Stored XSS vulnerability in Appsmith platform's Table Widget (TableWidgetV2) prior to version 1.96. The vulnerability stems from lack of HTML sanitization in React component rendering pipeline, allowing malicious DOM attribute interpolation. Attackers with regular user accounts can exploit the 'Invite Users' feature to force System Administrators to execute privileged API calls (/api/v1/admin/env), resulting in complete administrative account takeover. The vulnerability has been patched in version 1.96.