Description
DeepSeek R1 through V3.1 allows XSS, as demonstrated by JavaScript execution in the context of the run-html-chat.deepseeksvc.com domain. NOTE: some third parties have indicated that this is intended behavior.
References
- Permissions Required
- Exploit, Third Party Advisory
- Exploit
Vulnerable configurations
Configuration 1
One of
cpe:2.3:a:deepseek:deepseek-r1:1.0:*:*:*:*:*:*:*
cpe:2.3:a:deepseek:deepseek-v2:-:*:*:*:*:*:*:*
cpe:2.3:a:deepseek:deepseek-v3:1.0:*:*:*:*:*:*:*
EPSS
Percentile: 30%
0.0011
Low
8.8 High
CVSS3
Weaknesses
CWE-79
Related vulnerabilities
CVSS3: 9.8
github
5 months ago
A Cross-Site Scripting (XSS) vulnerability in DeepSeek R1 through V3.1 allows a remote attacker to execute arbitrary code via unspecified input fields.