Stored Cross-Site Scripting in EmbedAI by EmbedAI Inc.
CVE-2025-0747

8.6HIGH

Key Information:

Vendor: Embedai
Status: Embedai
Vendor: CVE Published:; 30 January 2025

What is CVE-2025-0747?

A security vulnerability has been identified in EmbedAI that permits authenticated attackers to inject harmful JavaScript code into messages. When a user accesses the chat feature, this malicious script executes, potentially compromising user data and facilitating further attacks. Mitigating this vulnerability is crucial to ensure the integrity of the application and protect users from an array of potential security threats.

Affected Version(s)

EmbedAI 0 < 2.1

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multip...

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 30, 2025
Vulnerability Reserved
Jan 27, 2025

Credit

David Utón Amaya (m3n0sd0n4ld)

Embedai

What is CVE-2025-0747?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit