zhanglun lettura Cross-Site Scripting Vulnerability in RSS Handler Component

Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in the zhanglun lettura application, specifically in versions up to 0.1.22. The issue arises in the RSS handler component, within the file 'src/components/ArticleView/ContentRender.tsx'. The vulnerability allows for the injection of malicious scripts into the main WebView, as the application fails to properly sanitize user-controlled RSS content before rendering it. This lack of sanitization is compounded by the absence of a Content Security Policy (CSP) and the enabling of Tauri's file system allowlist, which together amplify the potential impact of the attack. Exploitation of this vulnerability is considered difficult, but a public exploit is available.

Impact

Exploitation of this vulnerability allows for cross-site scripting, where an attacker can inject malicious scripts that are executed in the context of the user's browser. In this case, the XSS vulnerability could be used to launch a Server-Side Request Forgery (SSRF) attack or to read and write files in the user's Download directory.

Reproduction

To reproduce this vulnerability, add a specially crafted RSS feed containing unsanitized HTML, including a script tag, into the zhanglun lettura application. The injected script will execute when the article is opened, demonstrating the cross-site scripting vulnerability.

Remediation

Users are advised to update to the patched version of zhanglun lettura, which is available on the project's GitHub page.
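As an added example (not code from the lettura project and not the fix in the patched release), the TypeScript below shows the kind of allowlist sanitization the advisory says was missing in ContentRender.tsx: feed HTML is filtered before it is handed to the WebView, so a script element, an event-handler attribute or a javascript: URL inside an article body never reaches the renderer. The tag and attribute allowlists, the function names and the sample feed item are all constructed for this example.

```typescript
// Added example, not the lettura project's code: a minimal allowlist
// sanitizer for feed HTML, applied before the HTML is rendered in the WebView.
// Tags are tokenized with regular expressions, which is enough to show the
// idea; production code should use a maintained sanitizer such as DOMPurify.

const ALLOWED_TAGS = new Set([
  "p", "br", "a", "b", "strong", "i", "em", "ul", "ol", "li",
  "h1", "h2", "h3", "blockquote", "code", "pre", "img",
]);
// Attributes permitted per tag; everything else (on* handlers, style, ...) is dropped.
const ALLOWED_ATTRS: Record<string, Set<string>> = {
  a: new Set(["href", "title"]),
  img: new Set(["src", "alt"]),
};
const URL_ATTRS = new Set(["href", "src"]);
// Elements whose entire content is discarded, not just the tag itself.
const DROP_WITH_CONTENT = new Set(["script", "style", "iframe", "object", "embed", "svg"]);

const COMMENT = /<!--[\s\S]*?-->/y;
const TAG = /<(\/?)([a-zA-Z][a-zA-Z0-9-]*)([^>]*)>/y;

// Only http(s) and relative URLs survive; javascript:, data:, vbscript: etc. are rejected.
function safeUrl(value: string): boolean {
  // Browsers ignore ASCII control characters and whitespace inside a scheme,
  // so normalise before checking ("java\tscript:" must not slip through).
  const v = value.replace(/[\u0000-\u0020]/g, "").toLowerCase();
  const scheme = /^([a-z][a-z0-9+.-]*):/.exec(v);
  if (scheme === null) return true; // relative URL
  return scheme[1] === "http" || scheme[1] === "https";
}

// Re-emit only the allowlisted attributes of an allowlisted tag.
function renderAttrs(tag: string, raw: string): string {
  const allowed = ALLOWED_ATTRS[tag];
  if (allowed === undefined) return "";
  const attrRe = /([^\s"'=<>\/]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  let out = "";
  let a: RegExpExecArray | null;
  while ((a = attrRe.exec(raw)) !== null) {
    const name = a[1].toLowerCase();
    if (!allowed.has(name)) continue;
    const value = a[2] ?? a[3] ?? a[4] ?? "";
    if (URL_ATTRS.has(name) && !safeUrl(value)) continue;
    out += ` ${name}="${value.replace(/"/g, "&quot;")}"`;
  }
  return out;
}

function sanitizeFeedHtml(html: string): string {
  let out = "";
  let i = 0;
  let skipUntil: string | null = null; // set while inside a dropped element
  while (i < html.length) {
    const lt = html.indexOf("<", i);
    if (lt === -1) {
      if (skipUntil === null) out += html.slice(i);
      break;
    }
    if (lt > i && skipUntil === null) out += html.slice(i, lt); // text between tags
    COMMENT.lastIndex = lt;
    if (COMMENT.test(html)) { i = COMMENT.lastIndex; continue; } // comments removed
    TAG.lastIndex = lt;
    const m = TAG.exec(html);
    if (m === null) {
      if (skipUntil === null) out += "&lt;"; // a stray "<" becomes literal text
      i = lt + 1;
      continue;
    }
    i = TAG.lastIndex;
    const closing = m[1] === "/";
    const name = m[2].toLowerCase();
    const selfClosing = m[3].trim().endsWith("/");
    if (skipUntil !== null) {
      if (closing && name === skipUntil) skipUntil = null;
      continue;
    }
    if (DROP_WITH_CONTENT.has(name)) {
      if (!closing && !selfClosing) skipUntil = name;
      continue;
    }
    if (!ALLOWED_TAGS.has(name)) continue; // unknown tag removed, its text kept
    if (closing) { out += `</${name}>`; continue; }
    out += `<${name}${renderAttrs(name, m[3])}>`;
  }
  return out;
}

// Constructed feed item for the example, not taken from any real feed.
const SAMPLE_FEED_HTML =
  '<p>Release notes <script>alert(1)</script>are out.</p>' +
  '<a href="javascript:alert(1)" onclick="steal()">read more</a>' +
  '<img src="https://example.com/cover.png" onerror="alert(1)">';

function sanitizedSample(): string {
  return sanitizeFeedHtml(SAMPLE_FEED_HTML);
}

console.log(sanitizedSample());
```

The sanitized output of the sample keeps the paragraph, the link text and the image, but loses the script element, the onclick and onerror handlers and the javascript: link target. The two other factors the advisory names, the missing Content Security Policy and the enabled Tauri file system allowlist, are Tauri configuration settings and are not addressed by this code.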

Added: Jan 5, 2026, 3:18 AM
Updated: Jan 5, 2026, 3:18 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 7.7
remediation: 7.7
relevance: 1.9
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.