CVE-2025-58353
Published
CVSS v3
8.2
HIGH
CVSS v2
N/A
Affected
1
PROJECT
Description
Promptcraft Forge Studio is a toolkit for evaluating, optimizing, and maintaining LLM-powered applications. All versions of Promptcraft Forge Studio sanitize user input using regex blacklists such as r`eplace(/javascript:/gi, '')`. Because the package uses multi-character tokens and each replacement is applied only once, removing one occurrence can create a new dangerous token due to overlap. The “sanitized” value may still contain an executable payload when used in href/src (or injected into the DOM). There is currently no fix for this issue.
Promptcraft Forge Studio is a minimal, developer-first toolkit that treats prompts like real software artifacts: files, diffs, tests, releases. Build prompts with variables, guards, and evaluation suites. Run A/B tests, export to multiple providers, keep everything reproducible.
GitHub