CVE-2025-56527

Published
View on NVD ↗
CVSS v3
7.5
HIGH
CVSS v2
N/A
Affected
2
PROJECTS

Description

Plaintext password storage in Kotaemon 0.11.0 in the client's localStorage.

Cinnamon/kotaemon
Cinnamon/kotaemon
An open-source RAG-based tool for chatting with your documents.
GitHubGitHub
25.4K
HanTul/Kotaemon-CVE-2025-56526-56527-disclosure
HanTul/Kotaemon-CVE-2025-56526-56527-disclosure
Public disclosure for CVE-2025-56526 and CVE-2025-56527 — Stored XSS via unsanitized PDF content rendering and plaintext credential exposure in Kotaemon 0.11.0. Includes full technical analysis, PoC, impact assessment, and responsible disclosure timeline.
GitHubGitHub
1