Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
CryptPad Dom-Based Cross-Site Scripting (XSS) Vulnerability
Vulnerability Description
CryptPad is a collaboration suite. Prior to version 2025.3.0, the "Link Bouncer" functionality attempts to filter javascript URIs to prevent Cross-Site Scripting (XSS), however this can be bypassed. There is an "early allow" code path that happens before the URI's protocol/scheme is checked, which a maliciously crafted URI can follow. This issue has been patched in version 2025.3.0.
CVSS Information
N/A
Vulnerability Type
CWE-692
Vulnerability Title
CryptPad 安全漏洞
Vulnerability Description
CryptPad是CryptPad开源的一个协作办公套件。 CryptPad 2025.3.0之前版本存在安全漏洞,该漏洞源于Link Bouncer功能过滤不足,可能导致跨站脚本攻击。
CVSS Information
N/A
Vulnerability Type
N/A