CVE-2024-57783 HIGH

CVE-2024-57783

Vendor Alexpinel

Product Dot

Weakness CWE-79 · XSS

Published June 2, 2025

Last update June 2, 2025

View on NVD All CVEs

CVSS base score

8.1/10

Attack vector Local

Attack complexity High

Privileges required None

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

The desktop application in Dot through 0.9.3 allows XSS and resultant command execution because user input and LLM output are appended to the DOM with innerHTML (in render.js), and because the Electron window can access Node.js APIs.

Key dates

02Disclosure timeline

June 2, 2025 CVE published

June 2, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-57783 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2025-25119 WordPress Woocommerce osCommerce Sync plugin <= 2.0.20 - Cross Site Scripting (XSS) vulnerability CVE-2025-63032 WordPress Consulting theme <= 1.5.0 - Cross Site Scripting (XSS) vulnerability CVE-2026-27367 WordPress Musico theme < 3.4.5 - Cross Site Scripting (XSS) vulnerability CVE-2011-2920 Spacewalk: spacewalk: cross-site scripting vulnerability allows arbitrary web script execution. CVE-2022-29433 https://patchstack.com/database/vulnerability/nd-donations/wordpress-donations-plugin-1-8-authenticated-stored-cross-site-scripting-xss-vulnerability