exploitDog

CVE-2025-56527

Опубликовано: 18 нояб. 2025

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

Plaintext password storage in Kotaemon 0.11.0 in the client's localStorage.

Ссылки

https://github.com/Cinnamon/kotaemon
Product
https://github.com/Cinnamon/kotaemon/commit/37cdc28
Patch
https://github.com/HanTul/Kotaemon-CVE-2025-56526-56527-disclosure
Exploit
Third Party Advisory
https://harvest-sink-590.notion.site/Stored-XSS-via-Unsanitized-PDF-Content-Rendering-and-Plaintext-Credential-Exposure-in-LocalStorage-236770c3fe1e80f6a1aef381fb1c8f73
Exploit
Third Party Advisory
https://skinny-exoplanet-584.notion.site/Stored-XSS-via-Unsanitized-PDF-Content-Rendering-and-Plaintext-Credential-Exposure-in-LocalStorage-22cd1563bd3380458588eb49f361a363?pvs=74
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:cinnamon:kotaemon:*:*:*:*:*:*:*:*

Версия до 0.11.0 (включая)

EPSS

Процентиль: 20%

0.00064

Низкий

7.5 High

CVSS3

Дефекты

CWE-256

Связанные уязвимости

GHSA-p7mm-hwh2-5wx4

CVSS3: 7.5

github

3 месяца назад

Plaintext password storage in Kotaemon 0.11.0 in the client's localStorage.

EPSS

Процентиль: 20%

0.00064

Низкий

7.5 High

CVSS3

Дефекты

CWE-256