Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Promptcraft Forge Studio: Complete Sanitizer Bypass Enables XSS via Overlapping Patterns
Vulnerability Description
Promptcraft Forge Studio is a toolkit for evaluating, optimizing, and maintaining LLM-powered applications. All versions of Promptcraft Forge Studio sanitize user input using regex blacklists such as r`eplace(/javascript:/gi, '')`. Because the package uses multi-character tokens and each replacement is applied only once, removing one occurrence can create a new dangerous token due to overlap. The “sanitized” value may still contain an executable payload when used in href/src (or injected into the DOM). There is currently no fix for this issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Promptcraft Forge Studio 安全漏洞
Vulnerability Description
Promptcraft Forge Studio是Marcelo Tessaro个人开发者的一个开发者工具包。 Promptcraft Forge Studio存在安全漏洞,该漏洞源于使用正则表达式黑名单清理用户输入不当,可能导致执行恶意有效载荷。
CVSS Information
N/A
Vulnerability Type
N/A