### [CVE-2025-58353](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58353) ![](https://img.shields.io/static/v1?label=Product&message=promptcraft-forge-studio&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=%3E%3D%200%20&color=brightgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-184%3A%20Incomplete%20List%20of%20Disallowed%20Inputs&color=brightgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%3A%20Improper%20Input%20Validation&color=brightgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%3A%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brightgreen)

### Description

Promptcraft Forge Studio is a toolkit for evaluating, optimizing, and maintaining LLM-powered applications. All versions of Promptcraft Forge Studio sanitize user input using regex blacklists such as `replace(/javascript:/gi, '')`. Because the package uses multi-character tokens and each replacement is applied only once, removing one occurrence can create a new dangerous token due to overlap. The “sanitized” value may still contain an executable payload when used in href/src (or injected into the DOM). There is currently no fix for this issue.

### POC

#### Reference

- https://github.com/MarceloTessaro/promptcraft-forge-studio/security/advisories/GHSA-mv25-7v95-q3pf

#### Github

No PoCs found on GitHub currently.