Project AIRI 代码注入漏洞
Project AIRI is an AI dialog bot open-sourced by moeru-ai. Project AIRI version 0.7.2-beta.2 suffers from a code injection vulnerability that stems from the MarkdownRenderer.vue component directly using v-html to render unescaped HTML content, which could lead to cross-site scripting attacks, as...