Home > Vulnerability Database > CVE-2024-57783

Mend.io Vulnerability Database

CVE-2024-57783

Date: June 1, 2025

The desktop application in Dot through 0.9.3 allows XSS and resultant command execution because user input and LLM output are appended to the DOM with innerHTML (in render.js), and because the Electron window can access Node.js APIs.

Severity Score

8.1

Related Resources (5)

Url: https://github.com/EDMPL/Vulnerability-Research/tree/main/CVE-2024-57783

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-57783

Url: https://dotapp.uk

Url: https://github.com/alexpinel/Dot/issues/28

Url: https://www.mend.io/vulnerability-database/CVE-2024-57783

Severity Score

8.1

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

CVSS v3.1

Base Score:	8.1
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-57783

Date: June 1, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?