CVE-2026-24903

Name of the Vulnerable Software and Affected Versions OrcaStatLLM Researcher (affected versions not specified)

Description A stored cross-site scripting (XSS) issue exists in the Log Message within the Session Page of OrcaStatLLM Researcher. This allows attackers to inject and execute arbitrary JavaScript code into the browsers of those affected. The attack vector involves providing malicious research topic inputs. The application is an LLM-based research paper generator.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.