漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
A DOM-based Cross-Site Scripting (XSS) vulnerability exists in the text editor feature of the Onlook web application 0.2.32. This vulnerability occurs because user-supplied input is not properly sanitized before being directly injected into the DOM via innerHTML when editing a text element. An attacker can exploit this to inject malicious HTML and script code, which is then executed within the context of the preview iframe, allowing for the execution of arbitrary scripts in the user's session.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Onlook 安全漏洞
Vulnerability Description
Onlook是Onlook开源的一个源码可视化编辑工具。 Onlook 0.2.32版本存在安全漏洞,该漏洞源于文本编辑器功能未正确清理用户输入,可能导致跨站脚本攻击。
CVSS Information
N/A
Vulnerability Type
N/A