CVE-2025-0746

Name of the Vulnerable Software and Affected Versions EmbedAI versions 2.1 and earlier

Description A Reflected Cross-Site Scripting issue has been identified, allowing an authenticated attacker to craft a malicious URL by leveraging the "/embedai/users/show/" endpoint. This enables the injection of malicious JavaScript code, which will be executed when a user opens the malicious URL.

Recommendations For EmbedAI versions 2.1 and earlier, consider disabling access to the "/embedai/users/show/" endpoint until a patch is available. Restrict the use of the SCRIPT variable in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.