漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
CryptPad Dom-Based Cross-Site Scripting (XSS) Vulnerability
Vulnerability Description
CryptPad is a collaboration suite. Prior to version 2025.3.0, the "Link Bouncer" functionality attempts to filter javascript URIs to prevent Cross-Site Scripting (XSS), however this can be bypassed. There is an "early allow" code path that happens before the URI's protocol/scheme is checked, which a maliciously crafted URI can follow. This issue has been patched in version 2025.3.0.
CVSS Information
N/A
Vulnerability Type
CWE-692
Vulnerability Title
CryptPad 安全漏洞
Vulnerability Description
CryptPad是CryptPad开源的一个协作办公套件。 CryptPad 2025.3.0之前版本存在安全漏洞,该漏洞源于Link Bouncer功能过滤不足,可能导致跨站脚本攻击。
CVSS Information
N/A
Vulnerability Type
N/A