Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug]: By Using Surfing Plugin and Gemini XSS Can be Triggered and Also Arbitary File Download Can be Acheived. #248

Open
2 tasks done
Mxfire0324 opened this issue May 12, 2024 · 4 comments
Open
2 tasks done

[Bug]: By Using Surfing Plugin and Gemini XSS Can be Triggered and Also Arbitary File Download Can be Acheived. #248

Mxfire0324 opened this issue May 12, 2024 · 4 comments
Labels
bug Something isn't working help wanted Extra attention is needed

Comments

@Mxfire0324
Copy link

Mxfire0324 commented May 12, 2024
edited
Loading

Bug Description

As Surfing plugin loads a website Inside Obsidian while we use Gemini Plugin and Surfing with it. It loads an Iframe window which can trigger a XSS or a Arbitrary File Download.

Relevant Screenshot

No response

To Reproduce

No response

Obsidian Version

1.5.12

web-browser-only

  • Did you install only one web browser plugin?

Checklist

  • I updated to the latest version of the plugin.
@Mxfire0324 Mxfire0324 added the bug Something isn't working label May 12, 2024
@Mxfire0324 Mxfire0324 changed the title [Bug]: By Using Surfing Plugin and Gemini XSS and XSS Can be Triggered and Also Arbitary File Upload Can be Acheived [Bug]: By Using Surfing Plugin and Gemini XSS Can be Triggered and Also Arbitary File Upload Can be Acheived. May 12, 2024
@Mxfire0324 Mxfire0324 changed the title [Bug]: By Using Surfing Plugin and Gemini XSS Can be Triggered and Also Arbitary File Upload Can be Acheived. [Bug]: By Using Surfing Plugin and Gemini XSS Can be Triggered and Also Arbitary File Download Can be Acheived. May 12, 2024
@Quorafind
Copy link
Collaborator

Do you mean that gemini plugin will open iframe via surfing?

@Mxfire0324
Copy link
Author

Do you mean that gemini plugin will open iframe via surfing?

Yup Correct

@Quorafind
Copy link
Collaborator

Could you tell me which plugin it is? Seems like there is some gemini plugins related to obsidian

@Mxfire0324
Copy link
Author

Mxfire0324 commented May 12, 2024
edited
Loading

Could you tell me which plugin it is? Seems like there is some gemini plugins related to obsidian

Gemini Assistant 1.0.4
image

@Quorafind Quorafind added the help wanted Extra attention is needed label May 20, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working help wanted Extra attention is needed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Quorafind @Mxfire0324