Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A DOM-based Cross-Site Scripting (XSS) vulnerability exists in the text editor feature of the Onlook web application 0.2.32. This vulnerability occurs because user-supplied input is not properly sanitized before being directly injected into the DOM via innerHTML when editing a text element. An attacker can exploit this to inject malicious HTML and script code, which is then executed within the context of the preview iframe, allowing for the execution of arbitrary scripts in the user's session.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Onlook 安全漏洞
Vulnerability Description
Onlook是Onlook开源的一个源码可视化编辑工具。 Onlook 0.2.32版本存在安全漏洞,该漏洞源于文本编辑器功能未正确清理用户输入,可能导致跨站脚本攻击。
CVSS Information
N/A
Vulnerability Type
N/A