DeepSeek Cross-Site Scripting Vulnerability
Vulnerability
A Cross-Site Scripting (XSS) vulnerability has been identified in DeepSeek versions R1 through V3.1. This vulnerability allows remote attackers to execute arbitrary code by injecting malicious payloads into unspecified input fields. The issue arises from insecure handling of user-generated content, which can be exploited to execute harmful JavaScript in the victim's browser.
Impact
Successful exploitation lets an attacker execute scripts in the context of the user's session.
Reproduction
The vulnerability can be reproduced by uploading a file or requesting the AI to generate a program that includes a payload, such as JavaScript code. This injected code can then be executed, demonstrating the XSS vulnerability.
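The insecure handling described above, shown as an added example that is not DeepSeek's code and not part of the original advisory: a hypothetical chat renderer in which model-generated or uploaded text is spliced into markup verbatim, beside a version that escapes it first. The function names and the sample reply are constructed for illustration.

```javascript
// Added example: hypothetical chat renderer, not DeepSeek's implementation.
const ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
const TICKS = "`".repeat(3); // code-fence delimiter, built at runtime
const fenceRe = () => new RegExp(TICKS + "(\\w*)\\n([\\s\\S]*?)" + TICKS, "g");

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Unsafe pattern: reply text goes into the markup unescaped, so any tags
// it carries become live DOM once the result is assigned to innerHTML.
function renderReplyUnsafe(reply) {
  return reply.replace(fenceRe(),
    (_, lang, code) => `<pre><code class="lang-${lang}">${code}</code></pre>`);
}

// Wrap a prose segment in a paragraph after escaping it.
function proseToHtml(text) {
  const t = text.trim();
  return t ? `<p>${escapeHtml(t)}</p>` : "";
}

// Hardened pattern: split the reply into prose and fenced-code segments,
// escape every segment, and only then wrap it in trusted markup.
function renderReplySafe(reply) {
  const re = fenceRe();
  let html = "", last = 0, m;
  while ((m = re.exec(reply)) !== null) {
    html += proseToHtml(reply.slice(last, m.index));
    html += `<pre><code class="lang-${escapeHtml(m[1])}">${escapeHtml(m[2])}</code></pre>`;
    last = re.lastIndex;
  }
  return html + proseToHtml(reply.slice(last));
}

// Constructed sample: a reply whose prose and code block both carry markup.
const SAMPLE_REPLY = [
  "Here is the page you asked for <img src=x onerror=alert(1)>",
  TICKS + "html",
  "<script>alert(1)</script>",
  TICKS,
].join("\n");
```

Escaping covers text shown as text; a preview that actually runs a generated program belongs in a sandboxed iframe on a separate origin, so its scripts cannot reach the user's session.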
