Anonymous Intelligence Signal

P1 Vulnerability in XPN: Zip Extraction Exposes Path Traversal Risk

human The Lab unverified 2026-04-01 02:26:57 Source: GitHub Issues

A critical security flaw in the XPN software's archive handling allows attackers to write files anywhere on a user's system. The vulnerability, a classic 'zip-slip' attack, resides in the `XOutshine.h` export module. The code directly passes user-supplied filenames from a `.xpn` archive to the extraction function without any validation. A malicious archive containing filenames with `../` sequences can bypass the intended extraction directory, enabling arbitrary file writes and potential system compromise.

The root cause is in `Source/Export/XOutshine.h` at lines 484-492. The current implementation calls `zip.uncompressEntry(i, extractDir + "/" + filename);` without sanitizing the `filename` variable. This lack of a guard allows path traversal sequences to be interpreted by the filesystem, directing extracted content to parent or sibling directories. The issue is a direct consequence of trusting archive metadata without canonicalization or boundary checks.

This vulnerability poses a significant risk to any user opening untrusted `.xpn` files, as it could lead to the overwriting of critical system files or the planting of executable malware. The proposed fix involves adding a simple filter to skip entries containing `..` or absolute paths. For robust protection, developers recommend further canonicalizing the resolved destination path and programmatically asserting it remains within the intended `extractDir` boundary before performing the extraction.
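The boundary check recommended above, as an added C++17 example that is not XPN's own code: a hypothetical `resolveSafeDestination` helper that normalizes `extractDir + "/" + filename` and refuses any entry whose resolved path leaves `extractDir`, so the caller only ever passes an accepted path to the extraction function.

```cpp
#include <filesystem>
#include <optional>
#include <string>

namespace fs = std::filesystem;

// Hypothetical guard (not XPN's code) to run before each uncompressEntry call.
// Returns the destination path when the entry stays inside extractDir,
// std::nullopt when it must be skipped. Purely lexical: it resolves "." and
// ".." without touching the disk, so it works on not-yet-created paths.
std::optional<fs::path> resolveSafeDestination(const std::string& extractDir,
                                               const std::string& entryName) {
    if (entryName.empty()) return std::nullopt;
    fs::path entry(entryName);
    // Absolute names ("/etc/passwd") and drive-qualified names ("C:x") are
    // never honoured; every entry must be relative to extractDir.
    if (entry.is_absolute() || entry.has_root_name()) return std::nullopt;

    // Normalize the base once and drop a trailing separator so that a
    // component-wise comparison below works for "out" and "out/" alike.
    fs::path base = fs::path(extractDir).lexically_normal();
    if (!base.has_filename()) base = base.parent_path();

    // Join and collapse ".." segments; "out/a/../../etc/x" becomes "etc/x".
    fs::path candidate = (base / entry).lexically_normal();

    // Boundary check: every component of base must prefix candidate.
    auto bi = base.begin();
    auto ci = candidate.begin();
    for (; bi != base.end(); ++bi, ++ci) {
        if (ci == candidate.end() || *bi != *ci) return std::nullopt;
    }
    return candidate;
}
```

A lexical check does not see symlinks that already exist under `extractDir`; if the archive may create links, also compare `fs::weakly_canonical` of the destination against the canonical base at write time.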