EmbedAI
by EmbedAI
CVEs (10)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-0747 | Hig | 0.56 | 8.6 | 0.00 | Jan 30, 2025 | A Stored Cross-Site Scripting vulnerability has been found in EmbedAI. This vulnerability allows an authenticated attacker to inject a malicious JavaScript code into a message that will be executed when a user opens the chat. | ||
| CVE-2025-0740 | Hig | 0.56 | 8.6 | 0.00 | Jan 30, 2025 | An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to obtain chat messages belonging to other users by changing the “CHAT_ID” of the endpoint "/embedai/chats/load_messages?chat_id=<CHAT_ID>". | ||
| CVE-2025-0739 | Hig | 0.56 | 8.6 | 0.00 | Jan 30, 2025 | An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to show subscription's information of others users by changing the "SUSCBRIPTION_ID" param of the endpoint "/demos/embedai/subscriptions/show/<SUS… | ||
| CVE-2025-0745 | Hig | 0.49 | 7.5 | 0.00 | Jan 30, 2025 | An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to obtain the backups of the database by requesting the "/embedai/app/uploads/database/<SQL_FILE>" endpoint. | ||
| CVE-2025-0744 | Hig | 0.49 | 7.5 | 0.00 | Jan 30, 2025 | an Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker change his subscription plan without paying by making a POST request changing the parameters of the "/demos/embedai/pmt_cash_on_delivery/pay"… | ||
| CVE-2024-5185 | Hig | 0.47 | 7.3 | 0.00 | May 29, 2024 | The EmbedAI application is susceptible to security issues that enable Data Poisoning attacks. This weakness could result in the application becoming compromised, leading to unauthorized entries or data poisoning attacks, which are delivered by a CSRF vulnerability due to the… | ||
| CVE-2025-0746 | Med | 0.40 | 6.1 | 0.00 | Jan 30, 2025 | A Reflected Cross-Site Scripting vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to craft a malicious URL leveraging the"/embedai/users/show/" endpoint to inject the malicious JavaScript code. This JavaScript… | ||
| CVE-2025-0742 | Med | 0.38 | 5.8 | 0.00 | Jan 30, 2025 | An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to obtain files stored by others users by changing the "FILE_ID" of the endpoint "/embedai/files/show/<FILE_ID>". | ||
| CVE-2025-0741 | Med | 0.38 | 5.8 | 0.00 | Jan 30, 2025 | An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to write messages into other users chat by changing the parameter "chat_id" of the POST request "/embedai/chats/send_message". | ||
| CVE-2025-0743 | Med | 0.34 | 5.3 | 0.00 | Jan 30, 2025 | An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to leverage the endpoint "/embedai/visits/show/<VISIT_ID>" to obtain information about the visits made by other users. The information provided… |
- risk 0.56cvss 8.6epss 0.00
A Stored Cross-Site Scripting vulnerability has been found in EmbedAI. This vulnerability allows an authenticated attacker to inject a malicious JavaScript code into a message that will be executed when a user opens the chat.
- risk 0.56cvss 8.6epss 0.00
An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to obtain chat messages belonging to other users by changing the “CHAT_ID” of the endpoint "/embedai/chats/load_messages?chat_id=<CHAT_ID>".
- risk 0.56cvss 8.6epss 0.00
An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to show subscription's information of others users by changing the "SUSCBRIPTION_ID" param of the endpoint "/demos/embedai/subscriptions/show/<SUS…
- risk 0.49cvss 7.5epss 0.00
An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to obtain the backups of the database by requesting the "/embedai/app/uploads/database/<SQL_FILE>" endpoint.
- risk 0.49cvss 7.5epss 0.00
an Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker change his subscription plan without paying by making a POST request changing the parameters of the "/demos/embedai/pmt_cash_on_delivery/pay"…
- risk 0.47cvss 7.3epss 0.00
The EmbedAI application is susceptible to security issues that enable Data Poisoning attacks. This weakness could result in the application becoming compromised, leading to unauthorized entries or data poisoning attacks, which are delivered by a CSRF vulnerability due to the…
- risk 0.40cvss 6.1epss 0.00
A Reflected Cross-Site Scripting vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to craft a malicious URL leveraging the"/embedai/users/show/" endpoint to inject the malicious JavaScript code. This JavaScript…
- risk 0.38cvss 5.8epss 0.00
An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to obtain files stored by others users by changing the "FILE_ID" of the endpoint "/embedai/files/show/<FILE_ID>".
- risk 0.38cvss 5.8epss 0.00
An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to write messages into other users chat by changing the parameter "chat_id" of the POST request "/embedai/chats/send_message".
- risk 0.34cvss 5.3epss 0.00
An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to leverage the endpoint "/embedai/visits/show/<VISIT_ID>" to obtain information about the visits made by other users. The information provided…