2 matches found
CVE-2025-66222
DeepChat (0.5.0 and earlier) is affected by a Stored XSS in the Mermaid diagram renderer, exploitable via the Electron IPC bridge to escalate to RCE by starting a malicious MCP server. Affected product/version: DeepChat prior to 0.5.0. Root cause: XSS within Mermaid rendering allows arbitrary Jav...
PT-2025-48981
Name of the Vulnerable Software and Affected Versions DeepChat versions prior to 0.5.0 Description DeepChat, an AI smart assistant, contains a Stored Cross-Site Scripting XSS issue within the Mermaid diagram renderer. This allows an attacker to execute arbitrary JavaScript code within the...