Unrated severityNVD Advisory· Published Nov 18, 2025· Updated Nov 19, 2025
CVE-2025-56526
CVE-2025-56526
Description
Cross site scripting (XSS) vulnerability in Kotaemon 0.11.0 allowing attackers to execute arbitrary code via a crafted PDF.
Affected products
2- Kotaemon/Kotaemondescription
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- github.com/Cinnamon/kotaemon/commit/37cdc28mitre
- harvest-sink-590.notion.site/Stored-XSS-via-Unsanitized-PDF-Content-Rendering-and-Plaintext-Credential-Exposure-in-LocalStorage-236770c3fe1e80f6a1aef381fb1c8f73mitre
- skinny-exoplanet-584.notion.site/Stored-XSS-via-Unsanitized-PDF-Content-Rendering-and-Plaintext-Credential-Exposure-in-LocalStorage-22cd1563bd3380458588eb49f361a363mitre
News mentions
0No linked articles in our index yet.