| Field | Value |
|---|---|
| Title | lettura v0.1.22 XSS |
| Description | The description.content of media_object is directly concatenated into HTML and rendered via wraperWithRadix/HTMLReactParser without going through DOMPurify; controllable RSS content can be used directly for XSS in the main WebView, and the fact that CSP is off while the Tauri allowlist is enabled with "fs" amplifies the impact. Attackers could exploit this vulnerability to launch an SSRF attack or read/write the contents of the Download folder. |
| Source | https://gist.github.com/youremailaddress/cba7c19a4eafcb326d0e912adf132be3 |
| User | cranb3rry (UID 72730) |
| Submitted | 2025-12-27 03:13 (4 months ago) |
| Moderated | 2026-01-04 09:57 (8 days later) |
| Status | Accepted |
| VulDB Entry | 339487 [zhanglun lettura up to 0.1.22 RSS ContentRender.tsx cross site scripting] |
| Points | 19 |