CVE-2025-56526 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Cross site scripting (XSS) vulnerability in Kotaemon 0.11.0 allowing attackers to execute arbitrary code via a crafted PDF.

Medium CVSS: 6.1

CVE-2025-56526

Cross site scripting (XSS) vulnerability in Kotaemon 0.11.0 allowing attackers to execute arbitrary code via a crafted PDF.

Vendor

Product

CWE

Yayın Tarihi

2025-11-18 17:16:04

Güncelleme

2025-12-02 19:35:45

Source Identifier

cve@mitre.org

KEV Date Added

-

Kategoriler

CWE-79 Kotaemon MEDIUM Cinnamon 2025

Referanslar

https://github.com/Cinnamon/kotaemon https://github.com/Cinnamon/kotaemon/commit/37cdc28 https://github.com/HanTul/Kotaemon-CVE-2025-56526-56527-disclosure https://harvest-sink-590.notion.site/Stored-XSS-via-Unsanitized-PDF-Content-Rendering-and-Plaintext-Credential-Exposure-in-LocalStorage-236770c3fe1e80f6a1aef381fb1c8f73 https://skinny-exoplanet-584.notion.site/Stored-XSS-via-Unsanitized-PDF-Content-Rendering-and-Plaintext-Credential-Exposure-in-LocalStorage-22cd1563bd3380458588eb49f361a363