在 `/src/modules/plugin/hooks/upload/index.ts` 文件中发现存储型XSS漏洞。该漏洞源于在使用key定义文件名时完全没有对文件后缀进行校验，可能导致恶意用户上传包含脚本的文件，从而引发XSS攻击。 #231

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open

dogdogcan wants to merge 2 commits into cool-team-official:8.x from dogdogcan:8.x

Enhance your code review process with GitHub Actions

GitHub Actions make it easy to automate all your software workflows, now with world-class CI/CD.
Build, test, and deploy your code right from GitHub. Learn more about GitHub Actions.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

在 `/src/modules/plugin/hooks/upload/index.ts` 文件中发现存储型XSS漏洞。该漏洞源于在使用key定义文件名时完全没有对文件后缀进行校验，可能导致恶意用户上传包含脚本的文件，从而引发XSS攻击。 #231

Uh oh!

Enhance your code review process with GitHub Actions

Linux, macOS, Windows, and containers

Matrix builds

Any language

Live logs

Built-in secret store

Multi-container testing

在 /src/modules/plugin/hooks/upload/index.ts 文件中发现存储型XSS漏洞。该漏洞源于在使用key定义文件名时完全没有对文件后缀进行校验，可能导致恶意用户上传包含脚本的文件，从而引发XSS攻击。 #231

Are you sure you want to change the base?

Uh oh!

Enhance your code review process with GitHub Actions

Linux, macOS, Windows, and containers

Matrix builds

Any language

Live logs

Built-in secret store

Multi-container testing

在 `/src/modules/plugin/hooks/upload/index.ts` 文件中发现存储型XSS漏洞。该漏洞源于在使用key定义文件名时完全没有对文件后缀进行校验，可能导致恶意用户上传包含脚本的文件，从而引发XSS攻击。 #231