Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in UiPath Assistant 21.4.4. User-controlled data supplied to the --process-start argument of the URI handler for uipath-assistant:// is not correctly encoded, resulting in attacker-controlled content being injected into the error message displayed (when the injected content does not match an existing process). A determined attacker could leverage this to execute JavaScript in the context of the Electron application.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
UiPath Assistant 注入漏洞
Vulnerability Description
UiPath Assistant是UiPath的一款专用工具,旨在让用户从桌面与机器人进行交互变得轻松有趣。 UiPath Assistant 21.4.4 存在安全漏洞,该漏洞源于提供给 uipath-assistant:// URI 处理程序的 --process-start 参数的用户控制数据未正确编码,导致攻击者控制的内容被注入显示的错误消息中(当注入的内容不匹配时)现有流程)。攻击者可以利用它在 Electron 应用程序的上下文中执行 JavaScript。
CVSS Information
N/A
Vulnerability Type
N/A