Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Cross-Site Scripting (XSS) vulnerability in the subtitle loading function of the asbplayer Chrome Extension version 1.14.0 allows attackers to execute arbitrary JavaScript in the context of the active streaming platform via a crafted .srt subtitle file. Because the script executes within the same-site context, it can bypass cross-origin restrictions, leading to unauthorized same-site API requests and session data exfiltration.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
asbplayer 安全漏洞
Vulnerability Description
asbplayer是Raphael-Joel Lim个人开发者的一个语言学习工具。 asbplayer v1.13.0版本存在安全漏洞,该漏洞源于字幕加载功能存在任意文件上传,可能导致攻击者通过上传特制字幕文件执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A