VYPR
High severity8.1OSV Advisory· Published Jun 2, 2025· Updated Apr 15, 2026

CVE-2024-57783

CVE-2024-57783

Description

The desktop application in Dot through 0.9.3 allows XSS and resultant command execution because user input and LLM output are appended to the DOM with innerHTML (in render.js), and because the Electron window can access Node.js APIs.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Alexpinel/DotOSV2 versions
    v0.9-beta, v0.9.1, v0.9.2, …+ 1 more
    • (no CPE)range: v0.9-beta, v0.9.1, v0.9.2, …
    • (no CPE)range: <=0.9.3

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.