Jeremia Geraldi Sihombing

2 exploits Active since Jul 2024
CVE-2024-57783 WRITEUP HIGH WRITEUP
Dot < 0.9.3 - Cross-Site Scripting and Remote Code Execution via innerHTML DOM Injection
The desktop application in Dot through 0.9.3 allows XSS and resultant command execution because user input and LLM output are appended to the DOM with innerHTML (in render.js), and because the Electron window can access Node.js APIs.
CVSS 8.1
CVE-2024-39143 EXPLOITDB MEDIUM WORKING POC
ResidenceCMS 2.10.1 - Stored Cross-Site Scripting via Property Content
A stored cross-site scripting (XSS) vulnerability exists in ResidenceCMS 2.10.1 that allows a low-privilege user to create malicious property content with HTML inside which acts as a stored XSS payload.
CVSS 5.4