Stored Cross-Site Scripting in EmbedAI by EmbedAI Inc.
CVE-2025-0747

8.6HIGH

Key Information:

Vendor: Embedai
Status: Embedai
Vendor: CVE Published:; 30 January 2025

Summary

A security vulnerability has been identified in EmbedAI that permits authenticated attackers to inject harmful JavaScript code into messages. When a user accesses the chat feature, this malicious script executes, potentially compromising user data and facilitating further attacks. Mitigating this vulnerability is crucial to ensure the integrity of the application and protect users from an array of potential security threats.

Affected Version(s)

EmbedAI 0 < 2.1

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multip...

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jan 30, 2025
Vulnerability Reserved
Jan 27, 2025

Credit

David Utón Amaya (m3n0sd0n4ld)