High severity8.1NVD Advisory· Published Jun 2, 2025· Updated Apr 15, 2026

CVE-2024-57783

Description

The desktop application in Dot through 0.9.3 allows XSS and resultant command execution because user input and LLM output are appended to the DOM with innerHTML (in render.js), and because the Electron window can access Node.js APIs.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

dotapp.uknvd
github.com/EDMPL/Vulnerability-Research/tree/main/CVE-2024-57783nvd
github.com/alexpinel/Dot/issues/28nvd

News mentions

No linked articles in our index yet.

cvss	0.526
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000