You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In the URL preview function, due to insufficient URL validation, arbitrary JavaScript is executed when a malicious URL is "View in Player" or "View in Window" during preview.
Ry0taK Analyst
Impact
URLプレビュー機能において、URLの検証が不十分なため、悪意のあるURLをプレビュー時に「プレイヤーで表示」もしくは「ウィンドウで表示」を行った場合に任意のJavaScriptが実行されます。
In the URL preview function, due to insufficient URL validation, arbitrary JavaScript is executed when a malicious URL is "View in Player" or "View in Window" during preview.
Patches
13.3.2で修正されています。
This has been fixed in 13.3.2.
Workarounds
当該機能を使用しない。
Do not use the said function.