Webb'L

测试文字： ```text // 计算文本的实际渲染宽度 let textCheckEl = null export const getTextActWidth = (text, style) => { if (!textCheckEl) { textCheckEl = document.createElement('div') textCheckEl.style.position = 'fixed' textCheckEl.style.left = '-99999px' document.body.appendChild(textCheckEl) }...

### 漏洞描述： + nodeCreateContents.js 文件中调用 this.getData('text') 并没有对内容进行过滤导致出现 xss(存储型跨站脚本攻击) 漏洞。 + 这意味着攻击者可以通过巧妙引导用户执行恶意代码。这种情况下，如果用户使用了思绪思维导图客户端，攻击者就能够访问用户系统中的文件或执行恶意脚本。 ### 漏洞利用： #### 网页端： **poc:** ```json {"layout":"timeline","root":{"data":{"text":"poc根节点","richText":true,"expand":true,"isActive":false,"uid":"5bc7c815-71c5-4b7d-aa14-c223074bde8b","note":""},"children":[]},"theme":{"template":"classic4","config":{}},"view":{"transform":{"scaleX":1,"scaleY":1,"shear":0,"rotate":0,"translateX":-7,"translateY":-27,"originX":0,"originY":0,"a":1,"b":0,"c":0,"d":1,"e":-7,"f":-27},"state":{"scale":1,"x":-7,"y":-27,"sx":-467,"sy":-6}}} ``` https://github.com/wanglin2/mind-map/assets/57182600/b41696b2-9c3c-44a2-a591-8da02539d6c2 #### 客户端： **poc:** ```json {"layout":"timeline","root":{"data":{"text":"poc根节点","richText":true,"expand":true,"isActive":false,"uid":"5bc7c815-71c5-4b7d-aa14-c223074bde8b","note":""},"children":[]},"theme":{"template":"classic4","config":{}},"view":{"transform":{"scaleX":1,"scaleY":1,"shear":0,"rotate":0,"translateX":-7,"translateY":-27,"originX":0,"originY":0,"a":1,"b":0,"c":0,"d":1,"e":-7,"f":-27},"state":{"scale":1,"x":-7,"y":-27,"sx":-467,"sy":-6}}} ```  ### 其他： 使用...

Exploit: ``` ``` 

### Vulnerability description: [quill 1.3.7 has xss vulnerability](https://www.cve.org/CVERecord?id=CVE-2021-3163) ### Exploit: ```html ```