📦 Embedai

by Thesamur


🛡️ Security Overview


⚠️ Known Vulnerabilities

CVE-2025-0747

HIGH CVSS 8.6 Jan 30, 2025

A stored XSS vulnerability in EmbedAI allows authenticated attackers to inject malicious JavaScript into chat messages. When other users view these messages, the script executes in their browsers, pot...

CVE-2025-0744

HIGH CVSS 7.5 Jan 30, 2025

An authenticated attacker can change their subscription plan without payment by manipulating POST requests to the payment endpoint. This affects all EmbedAI installations version 2.1 and below where u...

CVE-2025-0745

HIGH CVSS 7.5 Jan 30, 2025

An Improper Access Control vulnerability in EmbedAI 2.1 and earlier allows authenticated attackers to access database backup files via a specific endpoint. This exposes sensitive database information ...

CVE-2025-0739

HIGH CVSS 8.6 Jan 30, 2025

An Improper Access Control vulnerability in EmbedAI 2.1 and earlier allows authenticated attackers to view other users' subscription information by manipulating the SUSCBRIPTION_ID parameter. This aff...

CVE-2025-0740

HIGH CVSS 8.6 Jan 30, 2025

An authenticated attacker can access other users' chat messages in EmbedAI by manipulating the CHAT_ID parameter in the load_messages endpoint. This affects all EmbedAI users running version 2.1 or ea...

CVE-2025-0746

MEDIUM CVSS 6.1 Jan 30, 2025

A reflected cross-site scripting vulnerability in EmbedAI versions 2.1 and below allows authenticated attackers to inject malicious JavaScript via crafted URLs. When users click these malicious links,...

CVE-2025-0742

MEDIUM CVSS 5.8 Jan 30, 2025

An Improper Access Control vulnerability in EmbedAI 2.1 and earlier allows authenticated attackers to access other users' files by manipulating the FILE_ID parameter in the /embedai/files/show/ endpoi...

CVE-2025-0741

MEDIUM CVSS 5.8 Jan 30, 2025

An authenticated attacker can write messages into other users' chat sessions by manipulating the 'chat_id' parameter in EmbedAI's chat functionality. This affects all users of EmbedAI version 2.1 and ...