Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
XSS in Caret markdown editor leads to remote code execution when viewing crafted Markdown files
Vulnerability Description
Caret is vulnerable to an XSS attack when the user opens a crafted Markdown file when preview mode is enabled. This directly leads to client-side code execution.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Caret 跨站脚本漏洞
Vulnerability Description
Caret是一款用于绘制分类和回归模型的软件包。 Caret存在安全漏洞,该漏洞源于其启用预览模式时,攻击者可以利用精心制作的Markdown文件实现跨站脚本导致能够在受害用户的客户端执行代码。
CVSS Information
N/A
Vulnerability Type
N/A