jackfromeast

Hi, Wechatsync developer! Currently, the markdown rendering page does not sanitize user input for scripts, which can lead to Cross-site Scripting (XSS) in the markdown preview page. #### Payload ```...

Prototype pollution vulnerability found in pace-js that leads by html injection

2

Hi, pace developers! ### Summary I have discovered a prototype pollution vulnerability in the `pace-js` package, which can be exploited via attacker-controlled scriptless HTML elements on web pages. This vulnerability...

### Checklist - [X] The issue exists after disabling all extensions - [X] The issue exists on a clean installation of webui - [X] The issue is caused by an...