wandb OpenUI Window Message Event index.html cross site scripting

A vulnerability was determined in wandb OpenUI up to 1.0. Affected by this vulnerability is an unknown functionality of the file frontend/public/annotator/index.html of the component Window Message Event Handler. This manipulation causes cross site scripting. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

OpenUI 代码注入漏洞

OpenUI是Weights & Biases开源的一个 UI 程序。 OpenUI 1.0及之前版本存在代码注入漏洞，该漏洞源于对文件frontend/public/annotator/index.html的错误操作，可能导致跨站脚本攻击。

N/A

N/A