5 matches found
CVE-2025-55733
DeepChat (prior to version 0.3.1) is affected by a remote code execution flaw that is triggered by embedding a specially crafted deepchat: URL on any website. When a user visits the site or clicks the link, the browser invokes the DeepChat app’s custom URL handler, which launches the application ...
CVE-2025-67744
DeepChat prior to 0.5.3 is affected by a Mermaid diagram rendering vulnerability that allows arbitrary JavaScript execution. The issue arises from the Electron IPC renderer being exposed to the DOM, enabling a Cross-Site Scripting (XSS) flaw that can escalate to Remote Code Execution (RCE) and al...
CVE-2025-66481
CVE-2025-66481 concerns DeepChat, an open-source AI chat platform. Affected versions: 0.5.1 and earlier. The vulnerability stems from improper sanitization of Mermaid content, making it susceptible to cross-site scripting (XSS). The security patch for MermaidArtifact.vue is insufficient and can b...
CVE-2025-58768
CVE-2025-58768 affects DeepChat prior to version 0.3.5, specifically in the Mermaid chart rendering component where user content is directly written via innerHTML. This creates an XSS vulnerability that can trigger an exploit chain, potentially allowing arbitrary JavaScript execution and arbitrar...
CVE-2025-66222
DeepChat (0.5.0 and earlier) is affected by a Stored XSS in the Mermaid diagram renderer, exploitable via the Electron IPC bridge to escalate to RCE by starting a malicious MCP server. Affected product/version: DeepChat prior to 0.5.0. Root cause: XSS within Mermaid rendering allows arbitrary Jav...