Vendor: Alexpinel
Products: 1
CVEs: 2
Across products: 2
Status: Private
Products (1)
- Dot, 2 CVEs, npm
Recent CVEs (2)

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-57783 | | High | 0.53 | 8.1 | 0.00 | | Jun 2, 2025 | The desktop application in Dot through 0.9.3 allows XSS and resultant command execution because user input and LLM output are appended to the DOM with innerHTML (in render.js), and because the Electron window can access Node.js APIs. |
| CVE-2020-8141 | | | 0.00 | — | 0.02 | | Mar 15, 2020 | The dot package v1.1.2 uses Function() to compile templates. This can be exploited by the attacker if they can control the given template or if they can control the value set on Object.prototype. |