Posts Tagged "DeepSeek"
Discovering DOM-Based XSS on DeepSeek.com via postMessage Exploitation
While testing https://chat.deepseek.com, I found a DOM XSS vulnerability in the postMessage handler. The function lacked origin validation, allowing arbitrary HTML injection. Using a payload like <script>alert(origin)</script>, I demonstrated the exploit. This highlights critical security risks when message origins aren't properly validated.