[GHSA-cvhv-6xm6-c3v4] Cloudflare Agents is Vulnerable to Reflected Cross-Site Scripting in the AI Playground's OAuth callback handler#6932

Closed
cai0duque wants to merge 1 commit into cai0duque/advisory-improvement-6932 from cai0duque-GHSA-cvhv-6xm6-c3v4

Conversation

@cai0duque

Updates

  • CVSS v4

Comments
Updated CVSS 4.0 metrics for greater accuracy.

  1. Changed User Interaction (UI) to 'Passive (P)': The vulnerability is a Reflected XSS where the payload is interpolated into an inline <script> tag. Execution occurs immediately upon visiting the malicious URL (loading the page), which fits the CVSS 4.0 definition of Passive interaction better than Active.
  2. Increased Subsequent Integrity (SI) to 'High (H)': As noted in the description, the attacker can interact with connected MCP servers and perform actions on the victim's behalf, justifying a High Integrity impact.
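The mechanism the PR description relies on (a callback parameter interpolated into an inline `<script>`, so the page executes attacker-controlled code on load) can be shown with a small generic handler. This is an added illustration, not code from this page or from Cloudflare Agents; the handler names, the `state` parameter and the payload are hypothetical, and the hardened variant uses the usual JSON-serialize-then-escape-angle-brackets approach rather than anything taken from the vendor fix.

```javascript
// Added example: generic reflected-XSS-in-inline-script pattern, beside a
// hardened form. Hypothetical code; NOT the Cloudflare Agents handler from
// GHSA-cvhv-6xm6-c3v4.

// Vulnerable form (hypothetical): the `state` query value is concatenated
// into a JS string literal inside an inline <script>. The HTML tokenizer does
// not know about JS quoting, so a value containing "</script>" ends the script
// element and whatever follows is parsed as fresh markup.
function renderCallbackVulnerable(query) {
  const state = query.state ?? "";
  return `<!doctype html><html><body>
<script>
  window.opener.postMessage({ type: "oauth", state: "${state}" }, "*");
</script>
</body></html>`;
}

// Hardened form: serialize the value as a JSON string literal, then replace
// the characters that could terminate the script element or open a comment
// with JS unicode escapes. The JS parser turns \u003c back into "<" inside the
// string, but the HTML tokenizer never sees a literal "</script>".
function jsStringForInlineScript(value) {
  return JSON.stringify(String(value))
    .replace(/</g, "\\u003c")
    .replace(/>/g, "\\u003e")
    .replace(/&/g, "\\u0026")
    .replace(/\u2028/g, "\\u2028")
    .replace(/\u2029/g, "\\u2029");
}

function renderCallbackHardened(query) {
  const state = query.state ?? "";
  return `<!doctype html><html><body>
<script>
  window.opener.postMessage({ type: "oauth", state: ${jsStringForInlineScript(state)} }, "*");
</script>
</body></html>`;
}

// Check: how many <script ...> start tags does the rendered page contain?
// The handler itself emits exactly one; any extra one came from the input.
function countScriptElements(html) {
  return (html.match(/<script[\s>]/gi) || []).length;
}

// Constructed payload (hypothetical): close the handler's script element and
// open a new one. Executes on page load, with no click required.
const PAYLOAD = "</script><script>alert(document.domain)</script>";

function demo() {
  const vuln = renderCallbackVulnerable({ state: PAYLOAD });
  const safe = renderCallbackHardened({ state: PAYLOAD });
  return {
    vulnerableScriptCount: countScriptElements(vuln), // 2: injected script is live
    hardenedScriptCount: countScriptElements(safe),   // 1: payload stays a string
  };
}

console.log(demo());
```

The count of `<script` start tags is the whole check: the hardened output still carries the attacker's text, but only as `\u003c/script\u003e...` inside a quoted literal, which the browser's HTML tokenizer does not treat as a tag boundary.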

Copilot AI review requested due to automatic review settings February 17, 2026 09:24
@github-actions github-actions bot changed the base branch from main to cai0duque/advisory-improvement-6932 February 17, 2026 09:26

Copilot AI left a comment


Pull request overview

Updates the advisory’s CVSS v4.0 vector to better reflect the reported reflected XSS behavior and downstream integrity impact.

Changes:

  • Adjusted CVSS v4.0 User Interaction (UI) from Active (A) to Passive (P)
  • Increased Subsequent Integrity (SI) from Low (L) to High (H)


@shelbyc
Contributor

shelbyc commented Feb 17, 2026

Hi @cai0duque, I re-read the description of GHSA-cvhv-6xm6-c3v4 and determined that Cloudflare, Inc provided an accurate CVSS 4.0 score. Performing actions as another user but not being able to change everything about that user's data is a good example of a low integrity impact.

@shelbyc shelbyc closed this Feb 17, 2026
@github-actions github-actions bot deleted the cai0duque-GHSA-cvhv-6xm6-c3v4 branch February 17, 2026 21:44