CVE-2024-57783

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-57783

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-57783.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-57783

Published

2025-06-02T14:15:21Z

Modified

2025-06-03T03:50:57.528656Z

Summary

[none]

Details

The desktop application in Dot through 0.9.3 allows XSS and resultant command execution because user input and LLM output are appended to the DOM with innerHTML (in render.js), and because the Electron window can access Node.js APIs.

References

https://github.com/alexpinel/Dot/issues/28
https://dotapp.uk
https://github.com/EDMPL/Vulnerability-Research/tree/main/CVE-2024-57783

Affected packages

Git / github.com/alexpinel/dot

Affected ranges

Type: GIT
Repo: https://github.com/alexpinel/dot
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

80cff8828bed8eb57d13c3cc4151bdfa00f0e263

Affected versions

v0.*

v0.9-beta

v0.9.1

v0.9.2

v0.9.3