Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Proton v0.2.0 allows an attacker to create a malicious link inside a markdown file. When the victim clicks the link, the application opens the site in the current frame allowing an attacker to host JavaScript code in the malicious link in order to trigger an XSS attack. The 'nodeIntegration' configuration is set to on which allows the 'webpage' to use 'NodeJs' features, an attacker can leverage this to run OS commands.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Proton 跨站脚本漏洞
Vulnerability Description
Proton是steventhanna个人开发者的一个使用 Electron 快速预览和编辑 Markdown 文件的独立应用程序。 Proton v0.2.0版本存在安全漏洞,该漏洞源于允许在 markdown 文件中创建恶意链接。
CVSS Information
N/A
Vulnerability Type
N/A