CVE-2025-64752 grist-core has path to server-side requests via websocket

grist-core is a spreadsheet hosting server. Prior to version 1.7.7, a user with access to any document on a Grist installation can use a feature for fetching from a URL that is executed on the server. The privileged network access of server-side requests could offer opportunities for attack...

Grist 跨站脚本漏洞

Grist is a modern relational spreadsheet open-sourced by Grist. A cross-site scripting vulnerability exists in Grist versions prior to 1.3.1, which stems from a vulnerability that allows an attacker to execute malicious JavaScript code, which could lead to compromised user accounts, information...