Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in helper_entries
Vulnerability Description
Poddycast is a podcast app made with Electron. Prior to version 0.8.1, an attacker can create a podcast or episode with malicious characters and execute commands on the client machine. The application does not clean the HTML characters of the podcast information obtained from the Feed, which allows the injection of HTML and JS code (cross-site scripting). Being an application made in electron, cross-site scripting can be scaled to remote code execution, making it possible to execute commands on the machine where the application is running. The vulnerability is patched in Poddycast version 0.8.1.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
Poddycast 跨站脚本漏洞
Vulnerability Description
Poddycast是一个由电子制作的播客应用程序。 Poddycast 中存在跨站脚本漏洞,该漏洞源于产品不会清除播客信息中HTML特殊字符。攻击者可通过该漏洞引起客户端代码执行。以下产品及版本受到影响:Poddycast 0.8 之前版本。
CVSS Information
N/A
Vulnerability Type
N/A