77 matches found

OSV
added 2025/01/30 12:15 p.m. | 2 views

CVE-2025-0745

An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to obtain the backups of the database by requesting the "/embedai/app/uploads/database/" endpoint...

CVSS 6.5 | AI score 5.7
Exploits: 0 | References: 1

NVD
added 2025/01/30 12:15 p.m. | 5 views

CVE-2025-0745

An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to obtain the backups of the database by requesting the "/embedai/app/uploads/database/" endpoint...

CVSS 7.5 | EPSS 0.00079
Exploits: 0 | References: 1

Cvelist
added 2025/01/30 11:20 a.m. | 12 views

CVE-2025-0747 Stored Cross-Site vulnerability in EmbedAI

A Stored Cross-Site Scripting vulnerability has been found in EmbedAI. This vulnerability allows an authenticated attacker to inject malicious JavaScript code into a message that will be executed when a user opens the chat...

CVSS 8.6 | EPSS 0.00092
Exploits: 0 | References: 1

Vulnrichment
added 2025/01/30 11:20 a.m. | 5 views

CVE-2025-0747 Stored Cross-Site vulnerability in EmbedAI

A Stored Cross-Site Scripting vulnerability has been found in EmbedAI. This vulnerability allows an authenticated attacker to inject malicious JavaScript code into a message that will be executed when a user opens the chat...

CVSS 8.6 | AI score 7.5 | EPSS 0.00092
Exploits: 0 | References: 1

CVE
added 2025/01/30 11:20 a.m. | 48 views

CVE-2025-0747

CVE-2025-0747 concerns a stored cross-site scripting vulnerability in EmbedAI. According to the sources, an authenticated attacker can inject malicious JavaScript into a chat message, which is executed when a user opens the chat. Documents from NVD/CVE lists describe the vulnerability and impact ...

CVSS 8.6 | AI score 7.6 | EPSS 0.00092
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2025/01/30 11:19 a.m. | 45 views

CVE-2025-0746

CVE-2025-0746 concerns EmbedAI (≤2.1). A reflected XSS flaw exists in the /embedai/users/show/ endpoint, enabling an authenticated attacker to craft a malicious URL that injects JavaScript executed when the target user opens it. Affected products: EmbedAI versions 2.1 and earlier. The provided so...

CVSS 6.1 | AI score 6 | EPSS 0.00098
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2025/01/30 11:19 a.m. | 7 views

CVE-2025-0746 Reflected Cross-Site Scripting vulnerability in EmbedAI

A Reflected Cross-Site Scripting vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to craft a malicious URL leveraging the "/embedai/users/show/" endpoint to inject the malicious JavaScript code. This JavaScript code will be executed when a...

CVSS 6.1 | AI score 6 | EPSS 0.00098
Exploits: 0 | References: 1

Cvelist
added 2025/01/30 11:19 a.m. | 10 views

CVE-2025-0746 Reflected Cross-Site Scripting vulnerability in EmbedAI

A Reflected Cross-Site Scripting vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to craft a malicious URL leveraging the "/embedai/users/show/" endpoint to inject the malicious JavaScript code. This JavaScript code will be executed when a...

CVSS 6.1 | EPSS 0.00098
Exploits: 0 | References: 1

CVE
added 2025/01/30 11:18 a.m. | 47 views

CVE-2025-0745

CVE-2025-0745 affects EmbedAI 2.1 and earlier. The issue is inadequate access control that allows an authenticated attacker to retrieve database backups by requesting the endpoint /embedai/app/uploads/database/. This can lead to exposure of sensitive data stored in backups. The connected PT-2025-...

CVSS 7.5 | AI score 7.3 | EPSS 0.00079
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2025/01/30 11:18 a.m. | 9 views

CVE-2025-0745 Improper Access Control vulnerability in EmbedAI

An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to obtain the backups of the database by requesting the "/embedai/app/uploads/database/" endpoint...

CVSS 7.5 | EPSS 0.00079
Exploits: 0 | References: 1

Vulnrichment
added 2025/01/30 11:18 a.m. | 5 views

CVE-2025-0745 Improper Access Control vulnerability in EmbedAI

An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to obtain the backups of the database by requesting the "/embedai/app/uploads/database/" endpoint...

CVSS 7.5 | AI score 7.4 | EPSS 0.00079
Exploits: 0 | References: 1

Cvelist
added 2025/01/30 11:17 a.m. | 7 views

CVE-2025-0744 Improper Access Control vulnerability in EmbedAI

An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to change his subscription plan without paying by making a POST request changing the parameters of the "/demos/embedai/pmtcashondelivery/pay" endpoint...

CVSS 7.5 | EPSS 0.00073
Exploits: 0 | References: 1

Vulnrichment
added 2025/01/30 11:17 a.m. | 4 views

CVE-2025-0744 Improper Access Control vulnerability in EmbedAI

An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to change his subscription plan without paying by making a POST request changing the parameters of the "/demos/embedai/pmtcashondelivery/pay" endpoint...

CVSS 7.5 | AI score 7.4 | EPSS 0.00073
Exploits: 0 | References: 1

CVE
added 2025/01/30 11:17 a.m. | 51 views

CVE-2025-0744

EmbedAI, version 2.1 and earlier, is exposed to an Improper Access Control vulnerability. An authenticated attacker can change their subscription plan without paying by issuing a POST to the payment endpoint (/demos/embedai/pmt_cash_on_delivery/pay or with spacing as described in sources). Root c...

CVSS 7.5 | AI score 7.4 | EPSS 0.00073
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2025/01/30 11:16 a.m. | 5 views

CVE-2025-0743 Improper Access Control vulnerability in EmbedAI

An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to leverage the endpoint "/embedai/visits/show/" to obtain information about the visits made by other users. The information provided by this endpoint includes IP...

CVSS 5.3 | AI score 5.1 | EPSS 0.00091
Exploits: 0 | References: 1

Cvelist
added 2025/01/30 11:16 a.m. | 10 views

CVE-2025-0743 Improper Access Control vulnerability in EmbedAI

An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to leverage the endpoint "/embedai/visits/show/" to obtain information about the visits made by other users. The information provided by this endpoint includes IP...

CVSS 5.3 | EPSS 0.00091
Exploits: 0 | References: 1

CVE
added 2025/01/30 11:16 a.m. | 42 views

CVE-2025-0743

CVE-2025-0743 affects EmbedAI 2.1 and earlier. Affected component: the /embedai/visits/show/ endpoints, whose access control is insufficient, allowing an authenticated attacker to obtain information about other users’ visits (IP address, user agent, and location). This is described across multipl...

CVSS 5.3 | AI score 5 | EPSS 0.00091
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2025/01/30 11:15 a.m. | 1 view

CVE-2025-0739

An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to show the subscription information of other users by changing the "SUSCBRIPTIONID" parameter of the endpoint "/demos/embedai/subscriptions/show/"...

CVSS 6.5 | AI score 5.7 | EPSS 0.00082
Exploits: 0 | References: 1

OSV
added 2025/01/30 11:15 a.m. | 2 views

CVE-2025-0741

An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to write messages into other users' chats by changing the parameter "chatid" of the POST request "/embedai/chats/sendmessage"...

CVSS 4.3 | AI score 5.7
Exploits: 0 | References: 1

NVD
added 2025/01/30 11:15 a.m. | 6 views

CVE-2025-0740

An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to obtain chat messages belonging to other users by changing the “CHATID” of the endpoint "/embedai/chats/loadmessages?chatid="...

CVSS 8.6 | EPSS 0.00107
Exploits: 0 | References: 1