
Critical XSS in DeepSeek AI

By It4chis3c, published in System Weakness, Feb 3, 2025


Hey guys! 👋 In today’s brief write-up, I’ll walk you through a critical reflected XSS vulnerability discovered in the newly launched DeepSeek AI. The bug was reported by Muhammad Saud; I came across his PoC on LinkedIn, so I’m sharing how the test was performed.


📌 Bug reported by: Muhammad Saud

🔗 LinkedIn: Muhammad Saud

⚡ XSS Vulnerability Discovered in DeepSeek AI ⚡

During security testing of DeepSeek AI’s chat platform, Muhammad Saud injected a series of XSS payloads to see how the chat input is sanitized and whether model output is ever rendered as HTML. Here’s a breakdown of how he worked through the protections and got JavaScript to execute:

🔍 Step 1: Basic Payload Injection

He first tried the classic probe below to check whether DeepSeek AI filters or escapes markup. An <img> with an invalid src fires its onerror handler as soon as it is rendered, with no user interaction, so if the chat UI inserts the text as HTML the confirm() dialog pops immediately:

<img src=x onerror=confirm(1)>

💡 Outcome: The tag did not render and no JavaScript ran; the chat only returned a textual explanation of the payload, which means at least basic output protections were in place…
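What a tester actually checks at this step is how the probe comes back in the response: echoed raw (renderable markup), HTML-escaped (shown as text, which matches the outcome above), or not reflected at all. The snippet below is an added example written for this write-up, not Muhammad Saud’s PoC or DeepSeek code; the three sample responses are constructed stand-ins, and the tag-counting "renderer" is a simplification that counts the elements a DOM would create rather than executing anything.

```javascript
// Added example: classify how a chat UI reflects an XSS probe.
// The probe is the one used in Step 1 of the write-up.
const PROBE = '<img src=x onerror=confirm(1)>';

// Minimal HTML escaper: the transformation a hardened renderer applies
// before inserting untrusted text into markup.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Classify a reflection of `probe` inside a response `body`.
//   'raw'     -> markup echoed verbatim; if the page inserts this body as
//                HTML, the onerror handler fires (reflected XSS).
//   'escaped' -> echoed with < > encoded; it renders as visible text only.
//   'absent'  -> probe not reflected at all (filtered, or the model rephrased it).
// Raw is checked first: a body containing both is still exploitable.
function classifyReflection(probe, body) {
  if (body.includes(probe)) return 'raw';
  if (body.includes(escapeHtml(probe))) return 'escaped';
  return 'absent';
}

// Simplified stand-in for a DOM: count the elements that would be created
// from a string. 1 for the raw probe, 0 once it has been escaped.
function countTags(html) {
  const matches = html.match(/<[a-zA-Z][^>]*>/g);
  return matches ? matches.length : 0;
}
// Vulnerable path: text goes into the page as markup (innerHTML-style).
function renderWithInnerHtml(untrusted) { return countTags(untrusted); }
// Hardened path: text is escaped first (textContent-style).
function renderAsText(untrusted) { return countTags(escapeHtml(untrusted)); }

// Constructed sample responses (hypothetical, not real DeepSeek output).
const SAMPLES = {
  executed:  `<div class="msg">${PROBE}</div>`,
  explained: `<div class="msg">The snippet ${escapeHtml(PROBE)} is an image tag whose onerror handler runs JavaScript.</div>`,
  dropped:   `<div class="msg">I can't help with that request.</div>`,
};

// Run the classifier over every sample; returns { executed: 'raw', ... }.
function runSamples() {
  const results = {};
  for (const [name, body] of Object.entries(SAMPLES)) {
    results[name] = classifyReflection(PROBE, body);
  }
  return results;
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(runSamples());
  console.log('innerHTML elements:', renderWithInnerHtml(PROBE), 'escaped elements:', renderAsText(PROBE));
}
```

The "explained" sample is the behaviour the write-up describes for Step 1: the payload appears in the reply, but only as escaped text, so nothing executes. Only a 'raw' classification is worth escalating; an 'escaped' or 'absent' result means the next payload variant has to target a different sink or encoding.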
