OpenList (frontend) allows XSS Attacks in the built-in Markdown Viewer

OpenList Frontend is a UI component for OpenList. Prior to version 4.0.0-rc.4, a vulnerability exists in the file preview/browsing feature of the application, where files with a .py extension that contain JavaScript code wrapped in <script> tags may be interpreted and executed as HTML in certain modes. This leads to a stored XSS vulnerability. This issue has been patched in version 4.0.0-rc.4.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

OpenList Frontend 跨站脚本漏洞

OpenList Frontend是OpenList Team开源的一个应用程序,保护开源项目免受基于信任的攻击。 OpenList Frontend 4.0.0-rc.4之前版本存在跨站脚本漏洞，该漏洞源于文件预览功能中.py文件可能被解释为HTML，导致存储型跨站脚本攻击。

N/A

N/A