exploitDog

CVE-2025-56526

Опубликовано: 18 нояб. 2025

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

Cross site scripting (XSS) vulnerability in Kotaemon 0.11.0 allowing attackers to execute arbitrary code via a crafted PDF.

Ссылки

https://github.com/Cinnamon/kotaemon
Product
https://github.com/Cinnamon/kotaemon/commit/37cdc28
Patch
https://github.com/HanTul/Kotaemon-CVE-2025-56526-56527-disclosure
Exploit
Third Party Advisory
https://harvest-sink-590.notion.site/Stored-XSS-via-Unsanitized-PDF-Content-Rendering-and-Plaintext-Credential-Exposure-in-LocalStorage-236770c3fe1e80f6a1aef381fb1c8f73
Exploit
Third Party Advisory
https://skinny-exoplanet-584.notion.site/Stored-XSS-via-Unsanitized-PDF-Content-Rendering-and-Plaintext-Credential-Exposure-in-LocalStorage-22cd1563bd3380458588eb49f361a363
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:cinnamon:kotaemon:*:*:*:*:*:*:*:*

Версия до 0.11.0 (включая)

EPSS

Процентиль: 17%

0.00055

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-vfwg-j93f-wfr4

CVSS3: 6.1

github

3 месяца назад

Cross site scripting (XSS) vulnerability in Kotaemon 0.11.0 allowing attackers to execute arbitrary code via a crafted PDF.

EPSS

Процентиль: 17%

0.00055

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79