CVE-2025-56526
Severity: MEDIUM
Kotaemon < 0.11.0 - Stored Cross-Site Scripting via PDF Content Rendering
Title source: LLM
Exploitation Summary
EIP tracks 1 public exploit for CVE-2025-56526. PoCs published by HanTul.
AI-analyzed exploit summary:
This repository contains a detailed writeup and proof-of-concept for CVE-2025-56526 and CVE-2025-56527, which involve a stored XSS vulnerability in Kotaemon's PDF rendering and plaintext credential storage in localStorage, enabling credential theft and session hijacking.
Description
Cross-site scripting (XSS) vulnerability in Kotaemon 0.11.0 (the title above gives the affected range as versions before 0.11.0): an attacker who uploads a crafted PDF can have arbitrary script run in the browser of any user who views the rendered PDF content, because the document's content is rendered into the page as live markup rather than inert text. Since the PDF persists in the application, this is a stored XSS, and the published PoC chains it with the plaintext credentials that CVE-2025-56527 describes in localStorage.
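Added illustration, not Kotaemon's code and not the published PoC: the rendering pattern behind a stored XSS of this kind, written as a hypothetical Python renderer in its vulnerable and escaped forms, together with a check a reviewer or tester can run over rendered output to confirm that document-supplied content stays inert. The function names, the wrapper markup and the sample "extracted PDF text" are all assumptions made for this example.

```python
import html
from html.parser import HTMLParser

# Constructed sample: the text a PDF-extraction step might hand back for a
# PDF whose page content was crafted to carry HTML. Illustrative payload only,
# not taken from the published PoC.
CRAFTED_PDF_TEXT = (
    "Quarterly report\n"
    "<img src=x onerror=alert(document.domain)>\n"
    "Revenue grew 4%."
)


def render_page_unsafe(page_text: str) -> str:
    """Hypothetical vulnerable renderer: extracted text is interpolated into
    the page HTML as-is, so any markup inside the PDF becomes live DOM for
    every user who opens the document (stored XSS)."""
    body = page_text.replace("\n", "<br>")
    return f'<div class="pdf-page"><p>{body}</p></div>'


def render_page_safe(page_text: str) -> str:
    """Hardened form: escape the untrusted text first, then add only the
    markup the application itself owns. quote=True also neutralises quote
    characters, so the text is safe inside attributes as well."""
    body = html.escape(page_text, quote=True).replace("\n", "<br>")
    return f'<div class="pdf-page"><p>{body}</p></div>'


class _TagCollector(HTMLParser):
    """Records every start tag and every on* event-handler attribute seen."""

    def __init__(self):
        super().__init__()
        self.tags = []
        self.event_attrs = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.event_attrs.extend(name for name, _ in attrs if name.startswith("on"))


def contains_active_html(rendered: str, allowed=frozenset({"div", "p", "br"})) -> bool:
    """Return True if the rendered HTML contains any tag outside the renderer's
    own wrapper markup, or any event-handler attribute. Entity-escaped text
    such as '&lt;img ...&gt;' is parsed as character data, not as a tag, so
    output from the hardened renderer passes."""
    collector = _TagCollector()
    collector.feed(rendered)
    collector.close()
    return any(tag not in allowed for tag in collector.tags) or bool(collector.event_attrs)


if __name__ == "__main__":
    for name, render in (("unsafe", render_page_unsafe), ("safe", render_page_safe)):
        out = render(CRAFTED_PDF_TEXT)
        print(f"{name}: active markup present = {contains_active_html(out)}")
        print("  ", out)
```

The check is deliberately strict: it allows only the tags the renderer itself emits, so a `<br>` is fine but an `<img>`, `<svg>` or `<a>` that came in through document text is flagged, as is any `on*=` attribute even on an allowed tag. If a real renderer legitimately emits richer markup (headings, links), extend the allow-list rather than dropping the event-attribute test.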
Exploits (1)
HanTul's writeup and proof-of-concept repository covering CVE-2025-56526 and CVE-2025-56527, summarized under Exploitation Summary above.
Scores
CVSS 3.1 base score 6.1 (Medium): CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Network-reachable, low attack complexity, no privileges required, user interaction required (a victim must view the rendered PDF), scope changed (script runs in the victim's browser, outside the vulnerable component), low confidentiality and integrity impact, no availability impact.