{"data":{"id":"176eb1d2-f92f-455a-b35c-7fb5ab177be7","title":"CVE-2025-51859: Stored Cross-Site Scripting (XSS) vulnerability in Chaindesk thru 2025-05-26 in its agent chat component. An attacker ca","summary":"Chaindesk has a stored XSS vulnerability (cross-site scripting, where malicious code is saved and runs in users' browsers) in its agent chat feature through May 26, 2025. An attacker can manipulate the AI agent's system prompt (the instructions that control how an LLM behaves) so that the agent outputs harmful scripts, which execute when users view conversations; this can lead to theft of session tokens (security credentials that prove who you are) and account takeover.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-51859","publishedAt":"2025-07-22T15:15:36.623Z","cveId":"CVE-2025-51859","cweIds":["CWE-79"],"cvssScore":"6.5","cvssSeverity":"medium","severity":"medium","attackType":["prompt_injection"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Chaindesk"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00056,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-198","CAPEC-86"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"agent","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}