8 matches found

RedhatCVE
added 2025/09/06 8:15 p.m., 5 views

CVE-2025-58353

Promptcraft Forge Studio is a toolkit for evaluating, optimizing, and maintaining LLM-powered applications. All versions of Promptcraft Forge Studio sanitize user input using regex blacklists such as `replace(/javascript:/gi, '')`. Because the package uses multi-character tokens and each replacement ...

CVSS 8.2, AI score 6.9, EPSS 0.00066
Exploits: 0, References: 1
Cvelist
added 2025/09/04 7:43 p.m., 7 views

CVE-2025-58361 Promptcraft Forge Studio's incomplete URL check is vulnerable to XSS via SVG

Promptcraft Forge Studio is a toolkit for evaluating, optimizing, and maintaining LLM-powered applications. All versions contain a non-exhaustive URL scheme check that does not protect against XSS. User-controlled URLs pass through src/utils/validation.ts, but the check only strips javascript: a...

CVSS 9.3, EPSS 0.00066
Exploits: 0, References: 1
Vulnrichment
added 2025/09/04 7:43 p.m., 2 views

CVE-2025-58361 Promptcraft Forge Studio's incomplete URL check is vulnerable to XSS via SVG

Promptcraft Forge Studio is a toolkit for evaluating, optimizing, and maintaining LLM-powered applications. All versions contain a non-exhaustive URL scheme check that does not protect against XSS. User-controlled URLs pass through src/utils/validation.ts, but the check only strips javascript: a...

CVSS 9.3, AI score 6.6, EPSS 0.00066
Exploits: 0, References: 1
CVE
added 2025/09/04 7:43 p.m., 13 views

CVE-2025-58361

CVE-2025-58361 : Promptcraft Forge Studio contains an incomplete URL scheme check in its validation.ts that does not block XSS via SVG/data URLs. User-controlled URLs pass through the check and, if used in href/src, can allow script execution. Affected: Promptcraft Forge Studio (all versions) wit...

CVSS 9.3, AI score 6.6, EPSS 0.00066
Exploits: 0, References: 1
Vulnrichment
added 2025/09/04 7:39 p.m., 2 views

CVE-2025-58353 Promptcraft Forge Studio: Complete Sanitizer Bypass Enables XSS via Overlapping Patterns

Promptcraft Forge Studio is a toolkit for evaluating, optimizing, and maintaining LLM-powered applications. All versions of Promptcraft Forge Studio sanitize user input using regex blacklists such as `replace(/javascript:/gi, '')`. Because the package uses multi-character tokens and each replacement ...

CVSS 8.2, AI score 6.3, EPSS 0.00066
Exploits: 0, References: 1
Positive Technologies
added 2025/09/04 12:00 a.m., 4 views

PT-2025-36092

Name of the Vulnerable Software and Affected Versions: Promptcraft Forge Studio, affected versions not specified.
Description: Promptcraft Forge Studio is a toolkit for evaluating, optimizing, and maintaining LLM-powered applications. The software’s input sanitization process, which utilizes regex...

CVSS 8.2, AI score 6.4, EPSS 0.00066
Exploits: 0, References: 4
Positive Technologies
added 2025/09/04 12:00 a.m., 3 views

PT-2025-36093

Name of the Vulnerable Software and Affected Versions: Promptcraft Forge Studio, affected versions not specified.
Description: Promptcraft Forge Studio, a toolkit for evaluating, optimizing, and maintaining LLM-powered applications, contains an incomplete URL scheme check that does not prevent...

CVSS 9.3, AI score 5.7, EPSS 0.00066
Exploits: 0, References: 6
CNNVD
added 2025/09/04 12:00 a.m., 2 views

Promptcraft Forge Studio security vulnerability

Promptcraft Forge Studio is a developer toolkit from Marcelo Tessaro (individual developer). A security vulnerability exists in Promptcraft Forge Studio that stems from improperly sanitizing user input with a regular-expression blacklist, which could allow execution of a malicious payload...

CVSS 8.2, AI score 6.6, EPSS 0.00066
Exploits: 0, References: 1
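Worked example for the two weaknesses these entries describe (CVE-2025-58353's single-pass regex blacklist and CVE-2025-58361's javascript:-only scheme check). This is an added illustration written for this page; it is not code from Promptcraft Forge Studio, from src/utils/validation.ts, or from any of the listed advisories. The function names, the resolve base URL, the allowed-scheme set and the payload strings are assumptions chosen to show the mechanism, not material taken from the advisories.

```javascript
// Added illustration, not Promptcraft Forge Studio's own code. It reconstructs
// the two weaknesses the advisories describe (a single-pass regex blacklist and
// a javascript:-only scheme check) and shows an allowlist that closes both.
// Function names, RESOLVE_BASE and the sample payloads are assumptions.

// 1. Single-pass blacklist of the form replace(/javascript:/gi, '').
// Each match is removed once; the bytes on either side of the removed match
// become adjacent, so a token nested inside a copy of itself survives the pass.
function blacklistSanitize(input) {
  return input.replace(/javascript:/gi, '');
}

// Constructed payload: "javascript:" with a second copy spliced into it.
// Removing the inner copy leaves the outer "javascript:" intact.
const OVERLAP_PAYLOAD = 'javajavascript:script:alert(1)';

// 2. Scheme check that only strips a leading javascript:. Every other scheme,
// including data: carrying an SVG with an onload handler, passes untouched.
function weakUrlCheck(url) {
  return url.replace(/^\s*javascript:/i, '');
}

// Constructed payload: SVG document delivered as a data: URL.
const SVG_DATA_PAYLOAD = 'data:image/svg+xml,<svg onload=alert(1)></svg>';

// Iterating the blacklist until nothing changes closes the overlap bypass,
// but it is still a denylist: anything not on the list, such as data:, is kept.
function fixedPointStrip(input) {
  let prev;
  do {
    prev = input;
    input = blacklistSanitize(input);
  } while (input !== prev);
  return input;
}

// 3. Allowlist instead of denylist: parse with the WHATWG URL parser and accept
// only known-safe schemes. The parser lowercases the scheme and strips ASCII
// tab and newline characters, so case and whitespace tricks are normalised
// before the comparison rather than pattern-matched away.
const ALLOWED_SCHEMES = new Set(['http:', 'https:', 'mailto:']);
const RESOLVE_BASE = 'https://app.example/'; // assumed; relative hrefs resolve against it

function isSafeUrl(input) {
  let parsed;
  try {
    parsed = new URL(input, RESOLVE_BASE);
  } catch {
    return false; // unparseable input is rejected, never "cleaned up"
  }
  return ALLOWED_SCHEMES.has(parsed.protocol);
}

// Value to place in href/src: the input if its scheme is allowed, else an inert "#".
function safeHref(input) {
  return isSafeUrl(input) ? input : '#';
}

// Stand-alone demo (skipped when the file is imported by a test harness).
if (typeof require !== 'undefined' && require.main === module) {
  console.log(blacklistSanitize(OVERLAP_PAYLOAD));  // javascript:alert(1)
  console.log(weakUrlCheck(SVG_DATA_PAYLOAD));      // unchanged data: URL
  console.log(fixedPointStrip(OVERLAP_PAYLOAD));    // alert(1)
  console.log(fixedPointStrip(SVG_DATA_PAYLOAD));   // unchanged data: URL
  console.log(safeHref(SVG_DATA_PAYLOAD));          // #
  console.log(safeHref('https://example.com/doc')); // https://example.com/doc
}
```

The point of the allowlist version is that it never tries to remove dangerous text from the value; it decides whether the parsed scheme is one the application has chosen to render and otherwise substitutes a constant. Whether `mailto:` or relative URLs belong in the allowed set is an application decision, which is why they are called out as assumptions above.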