CVE-2020-7734

HIGH

arachnys/cabot < 0.11.16 - Cross-Site Scripting via Endpoint Column

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-7734. PoCs published by Abhiram V.

AI-analyzed exploit summary This is a technical writeup detailing a persistent XSS vulnerability in Cabot 0.11.12, where a malicious payload in the 'Address' field of a new instance triggers when an admin views the notification, leading to potential account takeover.

Description

All versions of package cabot are vulnerable to Cross-site Scripting (XSS) via the Endpoint column.

Exploits (1)

exploitdb WRITEUP
by Abhiram V · textwebappsmultiple
https://www.exploit-db.com/exploits/48791

This is a technical writeup detailing a persistent XSS vulnerability in Cabot 0.11.12, where a malicious payload in the 'Address' field of a new instance triggers when an admin views the notification, leading to potential account takeover.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Moderate
Reliability
Reliable
Target: Cabot 0.11.12
Auth required
Prerequisites: User account with permissions to create instances · Admin interaction with the notification
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit, Third Party Advisory x_refsource_misc
https://itsmeanonartist.tech/blogs/blog2.html
Third Party Advisory x_refsource_misc
https://snyk.io/vuln/SNYK-PYTHON-CABOT-609862
Exploit, Patch, Third Party Advisory x_refsource_misc
https://github.com/arachnys/cabot/pull/694
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://www.exploit-db.com/exploits/48791

Scores

CVSS v3 8.2
EPSS 0.0141
EPSS Percentile 81.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L

Details

CWE
CWE-79
Status published
Products (2)
arachnys/cabot < 0.11.16
pypi/cabot 0PyPI
Published Sep 22, 2020
Tracked Since Feb 18, 2026