CVE-2026-24903 MEDIUM

CVE-2026-24903: OrcaStatLLM Researcher Stored Cross-Site Scripting (XSS) via Log Message Injection in Session Page

Vendor: Algonetlab
Product: OrcaStatLLM-Researcher
Weakness: CWE-79 · XSS
Published: February 6, 2026
Last update: February 6, 2026

CVSS base score

5.3/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

What the vulnerability does

01 Description

OrcaStatLLM Researcher is an LLM-based research paper generator. A stored cross-site scripting (XSS) vulnerability in the log messages displayed on the session page of OrcaStatLLM-Researcher allows attackers to inject and execute arbitrary JavaScript code in victims' browsers through malicious research topic inputs.

Key dates

02 Disclosure timeline

February 6, 2026: CVE published
February 6, 2026: Record updated
