漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Lute has a Stored Cross-Site Scripting (XSS) via Markdown hyperlink
Vulnerability Description
Lute is a structured Markdown engine supporting Go and JavaScript. Lute 1.7.6 and earlier (as used in SiYuan before) has a Stored Cross-Site Scripting (XSS) vulnerability in the Markdown rendering engine. An attacker can inject malicious JavaScript into a Markdown text/note. When another user clicks the rendered content, the script executes in the context of their session.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
lute 跨站脚本漏洞
Vulnerability Description
lute是D个人开发者的一款结构化的Markdown引擎。 lute 1.7.6及之前版本存在跨站脚本漏洞,该漏洞源于Markdown渲染引擎存在存储型跨站脚本,可能导致在用户会话环境中执行恶意JavaScript。
CVSS Information
N/A
Vulnerability Type
N/A