Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Promptcraft Forge Studio's incomplete URL check is vulnerable to XSS via SVG
Vulnerability Description
Promptcraft Forge Studio is a toolkit for evaluating, optimizing, and maintaining LLM-powered applications. All versions contain an non-exhaustive URL scheme check that does not protect against XSS. User-controlled URLs pass through src/utils/validation.ts, but the check only strips `javascript:` and a few patterns. `data:` URLs (for example data:image/svg+xml,…) still pass. If a sanitized value is used in href/src, an attacker can execute a script. There is currently no fix for this issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
Vulnerability Type
输入验证不恰当
Vulnerability Title
Promptcraft Forge Studio 安全漏洞
Vulnerability Description
Promptcraft Forge Studio是Marcelo Tessaro个人开发者的一个开发者工具包。 Promptcraft Forge Studio存在安全漏洞,该漏洞源于URL方案检查不完整,可能导致跨站脚本攻击。
CVSS Information
N/A
Vulnerability Type
N/A