PKM-er / Obsidian-Surfing

An Obsidian plugin that lets you browse the web within Obsidian.
MIT License

[Bug]: By Using Surfing Plugin and Gemini XSS Can be Triggered and Also Arbitrary File Download Can be Achieved. #248

Open Mxfire0324 opened 4 months ago

Mxfire0324 commented 4 months ago

Bug Description

As the Surfing plugin loads a website inside Obsidian, when we use the Gemini plugin and Surfing with it, it loads an iframe window which can trigger an XSS or an arbitrary file download.

Relevant Screenshot

No response

To Reproduce

No response

Obsidian Version

1.5.12

web-browser-only


Quorafind commented 4 months ago

Do you mean that the Gemini plugin will open an iframe via Surfing?

Mxfire0324 commented 4 months ago

> Do you mean that the Gemini plugin will open an iframe via Surfing?

Yup Correct

Quorafind commented 4 months ago

Could you tell me which plugin it is? It seems like there are some Gemini plugins related to Obsidian.

Mxfire0324 commented 4 months ago

> Could you tell me which plugin it is? It seems like there are some Gemini plugins related to Obsidian.

Gemini Assistant 1.0.4