CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-66580

Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. A critical Stored Cross-Site Scripting (XSS) vulnerability exists in versions prior to 0.11.1 in the Mermaid diagram rendering component. The application allows the execution of arbitrary JavaScript via `javascript:`. An attacker can exploit this to inject a malicious Model Context Protocol (MCP) server configuration, leading to Remote Code Execution (RCE) on the victim's machine when the node is clicked. Version 0.11.1 fixes the issue.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 38.3%

CVSS Severity

CVSS v3 Score 9.6

References

Products affected by CVE-2025-66580

Openagentplatform » Dive » Version: 0.1.0

cpe:2.3:a:openagentplatform:dive:0.1.0
Openagentplatform » Dive » Version: 0.1.1

cpe:2.3:a:openagentplatform:dive:0.1.1
Openagentplatform » Dive » Version: 0.10.0

cpe:2.3:a:openagentplatform:dive:0.10.0
Openagentplatform » Dive » Version: 0.10.1

cpe:2.3:a:openagentplatform:dive:0.10.1
Openagentplatform » Dive » Version: 0.11.0

cpe:2.3:a:openagentplatform:dive:0.11.0
Openagentplatform » Dive » Version: 0.2.0

cpe:2.3:a:openagentplatform:dive:0.2.0
Openagentplatform » Dive » Version: 0.2.1

cpe:2.3:a:openagentplatform:dive:0.2.1
Openagentplatform » Dive » Version: 0.3.0

cpe:2.3:a:openagentplatform:dive:0.3.0
Openagentplatform » Dive » Version: 0.3.1

cpe:2.3:a:openagentplatform:dive:0.3.1
Openagentplatform » Dive » Version: 0.3.2

cpe:2.3:a:openagentplatform:dive:0.3.2
Openagentplatform » Dive » Version: 0.4.0

cpe:2.3:a:openagentplatform:dive:0.4.0
Openagentplatform » Dive » Version: 0.5.0

cpe:2.3:a:openagentplatform:dive:0.5.0
Openagentplatform » Dive » Version: 0.5.1

cpe:2.3:a:openagentplatform:dive:0.5.1
Openagentplatform » Dive » Version: 0.6.0

cpe:2.3:a:openagentplatform:dive:0.6.0
Openagentplatform » Dive » Version: 0.6.1

cpe:2.3:a:openagentplatform:dive:0.6.1
Openagentplatform » Dive » Version: 0.6.2

cpe:2.3:a:openagentplatform:dive:0.6.2
Openagentplatform » Dive » Version: 0.6.3

cpe:2.3:a:openagentplatform:dive:0.6.3
Openagentplatform » Dive » Version: 0.7.0

cpe:2.3:a:openagentplatform:dive:0.7.0
Openagentplatform » Dive » Version: 0.7.1

cpe:2.3:a:openagentplatform:dive:0.7.1
Openagentplatform » Dive » Version: 0.7.2

cpe:2.3:a:openagentplatform:dive:0.7.2
Openagentplatform » Dive » Version: 0.7.3

cpe:2.3:a:openagentplatform:dive:0.7.3
Openagentplatform » Dive » Version: 0.7.4

cpe:2.3:a:openagentplatform:dive:0.7.4
Openagentplatform » Dive » Version: 0.7.5

cpe:2.3:a:openagentplatform:dive:0.7.5
Openagentplatform » Dive » Version: 0.7.6

cpe:2.3:a:openagentplatform:dive:0.7.6
Openagentplatform » Dive » Version: 0.7.7

cpe:2.3:a:openagentplatform:dive:0.7.7
Openagentplatform » Dive » Version: 0.7.8

cpe:2.3:a:openagentplatform:dive:0.7.8
Openagentplatform » Dive » Version: 0.7.9

cpe:2.3:a:openagentplatform:dive:0.7.9
Openagentplatform » Dive » Version: 0.8.0

cpe:2.3:a:openagentplatform:dive:0.8.0
Openagentplatform » Dive » Version: 0.8.1

cpe:2.3:a:openagentplatform:dive:0.8.1
Openagentplatform » Dive » Version: 0.8.2

cpe:2.3:a:openagentplatform:dive:0.8.2
Openagentplatform » Dive » Version: 0.8.3

cpe:2.3:a:openagentplatform:dive:0.8.3
Openagentplatform » Dive » Version: 0.8.4

cpe:2.3:a:openagentplatform:dive:0.8.4
Openagentplatform » Dive » Version: 0.8.5

cpe:2.3:a:openagentplatform:dive:0.8.5
Openagentplatform » Dive » Version: 0.8.6

cpe:2.3:a:openagentplatform:dive:0.8.6
Openagentplatform » Dive » Version: 0.8.7

cpe:2.3:a:openagentplatform:dive:0.8.7
Openagentplatform » Dive » Version: 0.8.8

cpe:2.3:a:openagentplatform:dive:0.8.8
Openagentplatform » Dive » Version: 0.8.9

cpe:2.3:a:openagentplatform:dive:0.8.9
Openagentplatform » Dive » Version: 0.9.0

cpe:2.3:a:openagentplatform:dive:0.9.0
Openagentplatform » Dive » Version: 0.9.1

cpe:2.3:a:openagentplatform:dive:0.9.1
Openagentplatform » Dive » Version: 0.9.10

cpe:2.3:a:openagentplatform:dive:0.9.10
Openagentplatform » Dive » Version: 0.9.11

cpe:2.3:a:openagentplatform:dive:0.9.11
Openagentplatform » Dive » Version: 0.9.2

cpe:2.3:a:openagentplatform:dive:0.9.2
Openagentplatform » Dive » Version: 0.9.3

cpe:2.3:a:openagentplatform:dive:0.9.3
Openagentplatform » Dive » Version: 0.9.4

cpe:2.3:a:openagentplatform:dive:0.9.4
Openagentplatform » Dive » Version: 0.9.5

cpe:2.3:a:openagentplatform:dive:0.9.5
Openagentplatform » Dive » Version: 0.9.6

cpe:2.3:a:openagentplatform:dive:0.9.6
Openagentplatform » Dive » Version: 0.9.7

cpe:2.3:a:openagentplatform:dive:0.9.7
Openagentplatform » Dive » Version: 0.9.8

cpe:2.3:a:openagentplatform:dive:0.9.8
Openagentplatform » Dive » Version: 0.9.9

cpe:2.3:a:openagentplatform:dive:0.9.9

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-66580

Products

Pricing

Contact Us