Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
[@imput/cobalt-web] Cross-site Scripting when downloading picker image from malicious instance
Vulnerability Description
cobalt is a media downloader that doesn't piss you off. A malicious cobalt instance could serve links with the `javascript:` protocol, resulting in Cross-site Scripting (XSS) when the user tries to download an item from a picker. This issue has been present since commit `66bac03e`, was mitigated in commit `97977efa` (correctly configured web instances were no longer vulnerable) and fully fixed in commit `c4be1d3a` (included in release version 10.2.1). Users are advised to upgrade. Users unable to upgrade should enable a content-security-policy.
CVSS Information
N/A
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
cobalt 跨站脚本漏洞
Vulnerability Description
cobalt是imput开源的一个媒体下载器。 cobalt存在跨站脚本漏洞,该漏洞源于恶意的cobalt实例可能会使用javascript协议提供链接,当用户尝试从选择器下载项目时,会导致跨站脚本 (XSS)。
CVSS Information
N/A
Vulnerability Type
N/A