Описание
Khoj is an application that creates personal AI agents. The Automation feature allows a user to insert arbitrary HTML inside the task instructions, resulting in a Stored XSS. The q parameter for the /api/automation endpoint does not get correctly sanitized when rendered on the page, resulting in the ability of users to inject arbitrary HTML/JS. This vulnerability is fixed in 1.15.0.
Уязвимые конфигурации
Конфигурация 1Версия до 1.15.0 (исключая)
cpe:2.3:a:khoj:khoj:*:*:*:*:*:*:*:*
EPSS
Процентиль: 76%
0.00924
Низкий
5.4 Medium
CVSS3
5.4 Medium
CVSS3
Дефекты
CWE-79
CWE-79
Связанные уязвимости
CVSS3: 5.4
github
больше 1 года назад
Khoj Vulnerable to Stored Cross-site Scripting In Automate (Preview feature)
EPSS
Процентиль: 76%
0.00924
Низкий
5.4 Medium
CVSS3
5.4 Medium
CVSS3
Дефекты
CWE-79
CWE-79