2 matches found
PT-2025-23513 · Electron +2
Name of the Vulnerable Software and Affected Versions: Dot versions 0.9.3 and earlier
Description: The issue allows for XSS and resultant command execution. This is because user input and LLM output are appended to the DOM with innerHTML, specifically in render.js. Additionally, the Electron wind...
Remote Code Execution
@editorjs/editorjs is vulnerable to remote code execution. An attacker is able to upload and execute malicious code on the system via pasted input into wrapper's innerHTML method...