Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Defuddle: XSS via unescaped string interpolation in _findContentBySchemaText image tag
Vulnerability Description
Defuddle cleans up HTML pages. Prior to version 0.9.0, the _findContentBySchemaText method in src/defuddle.ts interpolates image src and alt attributes directly into an HTML string without escaping. An attacker can use a " in the alt attribute to break out of the attribute context and inject event handler. This issue has been patched in version 0.9.0.
CVSS Information
N/A
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
defuddle 跨站脚本漏洞
Vulnerability Description
defuddle是Steph Ango个人开发者的一个网页内容提取与清理工具。 Defuddle 0.9.0之前版本存在跨站脚本漏洞,该漏洞源于_findContentBySchemaText方法将图像src和alt属性直接插入HTML字符串而未转义,可能导致跨站脚本攻击。
CVSS Information
N/A
Vulnerability Type
N/A