CVE-2024-51498 [@imput/cobalt-web] Cross-site Scripting when downloading picker image from malicious instance

cobalt is a media downloader that doesn't piss you off. A malicious cobalt instance could serve links with the javascript: protocol, resulting in Cross-site Scripting XSS when the user tries to download an item from a picker. This issue has been present since commit 66bac03e, was mitigated in...

cobalt 跨站脚本漏洞

cobalt is an imput open source media downloader. A cross-site scripting vulnerability exists in cobalt that stems from the fact that a malicious instance of cobalt may provide links using the javascript protocol, which can lead to cross-site scripting XSS when a user attempts to download items fr...