Количество 2
Количество 2
CVE-2024-43396
Khoj is an application that creates personal AI agents. The Automation feature allows a user to insert arbitrary HTML inside the task instructions, resulting in a Stored XSS. The q parameter for the /api/automation endpoint does not get correctly sanitized when rendered on the page, resulting in the ability of users to inject arbitrary HTML/JS. This vulnerability is fixed in 1.15.0.
GHSA-cf72-vg59-4j4h
Khoj Vulnerable to Stored Cross-site Scripting In Automate (Preview feature)
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-43396 Khoj is an application that creates personal AI agents. The Automation feature allows a user to insert arbitrary HTML inside the task instructions, resulting in a Stored XSS. The q parameter for the /api/automation endpoint does not get correctly sanitized when rendered on the page, resulting in the ability of users to inject arbitrary HTML/JS. This vulnerability is fixed in 1.15.0. | CVSS3: 5.4 | 1% Низкий | больше 1 года назад |
| GHSA-cf72-vg59-4j4h Khoj Vulnerable to Stored Cross-site Scripting In Automate (Preview feature) | CVSS3: 5.4 | 1% Низкий | больше 1 года назад |
Уязвимостей на страницу