Severity by source
AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
The desktop application in Dot through 0.9.3 allows XSS and resultant command execution because user input and LLM output are appended to the DOM with innerHTML (in render.js), and because the Electron window can access Node.js APIs.
AnalysisAI
Cross-site scripting (XSS) vulnerability in Dot desktop application (versions through 0.9.3) that allows unauthenticated local attackers to execute arbitrary commands with high complexity due to unsafe DOM manipulation via innerHTML. The vulnerability chains user input and LLM output directly into the DOM without sanitization, combined with Electron's Node.js API access, enabling command execution. This is a local attack vector with high impact on confidentiality, integrity, and availability.
Technical ContextAI
The vulnerability exists in render.js where both user-supplied input and Large Language Model (LLM) generated output are directly appended to the DOM using the innerHTML property. This violates secure coding practices for XSS prevention (CWE-79: Improper Neutralization of Input During Web Page Generation). The root cause is the absence of input validation, output encoding, and Content Security Policy (CSP) enforcement. The Electron framework, while providing cross-platform desktop capabilities, compounds the risk by enabling renderer processes to access Node.js APIs (require statements, child_process module), which transforms what would be a traditional web XSS into a local code execution vulnerability. The attack surface includes any user input fields that feed LLM prompts and any LLM responses rendered to the UI. CPE for affected product: cpe:2.3:a:dot:dot:*:*:*:*:*:*:*:* (versions <= 0.9.3).
RemediationAI
Upgrade to Dot version 0.9.4 or later (specific patch version not disclosed in CVE; check official Dot GitHub repository or releases page); priority: Critical Code-Level Mitigation: Replace innerHTML usage with textContent or innerText for user-controlled and LLM output data in render.js. If HTML rendering is required, use a safe HTML sanitization library such as DOMPurify or xss.js with strict allowlists. Security Hardening: Implement Content Security Policy (CSP) headers in Electron webPreferences to disable inline scripts and restrict script sources. Set sandbox: true and disable nodeIntegration in BrowserWindow configuration. Architecture Change: Separate renderer process from main process by using preload scripts and IPC (inter-process communication) rather than direct Node.js API access from renderer. This limits privilege escalation from XSS. Input Validation: Implement strict input validation and sanitization on all user-supplied data before rendering. Use allowlists for expected input formats. Workaround: If immediate patching is not possible, avoid processing untrusted or adversarial LLM outputs and disable features that accept complex user input in Dot until patched.
FortiOS and FortiProxy contain an authentication bypass via the Node.js websocket module allowing unauthenticated remote
Eval injection vulnerability in the internals.batch function in lib/batch.js in the bassmaster plugin before 1.5.2 for t
Flowise version 3.0.5 contains a remote code execution vulnerability in the CustomMCP node. The mcpServerConfig paramete
Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was inc
An issue was discovered in the node-serialize package 0.0.4 for Node.js. Rated critical severity (CVSS 9.8), this vulner
Directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary fi
Multiple SQL injection vulnerabilities in the Manage Accounts page in the AccountManagement.asmx service in the Solarwin
The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, whic
Directory traversal vulnerability in lib/app/index.js in Geddy before 13.0.8 for Node.js allows remote attackers to read
Credential-harvesting malware compromised 84 versions of 42 TanStack npm packages on 2026-05-11 via chained GitHub Actio
Eval injection vulnerability in index.js in the syntax-error package before 1.1.1 for Node.js 0.10.x, as used in IBM Rat
The HTTP server in Node.js 0.10.x before 0.10.21 and 0.8.x before 0.8.26 allows remote attackers to cause a denial of se
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2024-54618