CVE-2026-24903

Publication date

2026-02-06 17:46:20

Family

GitHub_M

State

PUBLISHED

Description

OrcaStatLLM Researcher is an LLM Based Research Paper Generator. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Log Message in the Session Page in OrcaStatLLM-Researcher that allows attackers to inject and execute arbitrary JavaScript code in victims browsers through malicious research topic inputs.