漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
ProsemirrorToHtml: Cross-Site Scripting vulnerability through unescaped HTML attribute values
Vulnerability Description
ProsemirrorToHtml is a JSON converter which takes ProseMirror-compatible JSON and outputs HTML. In versions 0.2.0 and below, the `prosemirror_to_html` gem is vulnerable to Cross-Site Scripting (XSS) attacks through malicious HTML attribute values. While tag content is properly escaped, attribute values are not, allowing attackers to inject arbitrary JavaScript code. Applications that use `prosemirror_to_html` to convert ProseMirror documents to HTML, user-generated ProseMirror content, and end users viewing the rendered HTML output are all at risk of attack. This issue is fixed in version 0.2.1.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
ProsemirrorToHtml 跨站脚本漏洞
Vulnerability Description
ProsemirrorToHtml是Etamin Studio开源的一个HTML代码转换工具。 ProsemirrorToHtml 0.2.0及之前版本存在跨站脚本漏洞,该漏洞源于未正确转义HTML属性值,可能导致跨站脚本攻击。
CVSS Information
N/A
Vulnerability Type
N/A