Moonshot AI · Kimi AI · CVE-2026-39107
**Name of the Vulnerable Software and Affected Versions**
Kimi AI version 1.0
**Description**
A Cross-Site Scripting (XSS) issue exists in the 'Preview' feature of the web interface. The application does not properly sanitize or encode HTML or JavaScript payloads produced by the AI model. When a user opens the 'Preview' tab to view AI-generated code, the malicious payload is rendered directly into the Document Object Model (DOM, the browser's in-memory representation of the HTML document), allowing arbitrary JavaScript execution in the user's browser session.
**Recommendations**
Update Kimi AI to a version that properly sanitizes and encodes AI-generated content in the 'Preview' feature.
As a temporary workaround, avoid using the 'Preview' tab to view AI-generated code until a fix is applied.
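The unsafe rendering pattern the advisory describes, beside the two hardened forms its recommendation implies, as an added example that is not Kimi's own code; the function and attribute names are assumptions, and the fix treats model output as untrusted input because a prompt can make the model emit arbitrary markup.

```javascript
// Added example (not Kimi's code): the unsafe preview pattern beside two hardened forms.
// Model output is untrusted input: a prompt can make the model emit arbitrary markup,
// so it must be handled exactly like user-supplied HTML.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// HTML-encode model output so the browser treats it as text, never as markup.
function encodeForHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: raw model output becomes live DOM, so any markup in it executes.
function renderPreviewUnsafe(container, modelOutput) {
  container.innerHTML = modelOutput; // XSS sink: this is the defect the advisory describes
}

// Hardened option 1: the Preview shows the generated code as text inside <pre>.
function renderPreviewAsText(container, modelOutput) {
  container.innerHTML = '<pre>' + encodeForHtml(modelOutput) + '</pre>';
}

// Hardened option 2: the Preview really renders the generated HTML, but inside an
// iframe with an empty sandbox (no scripts, no same-origin access, no forms, no
// top-level navigation) plus a restrictive CSP, so it cannot reach the app's session.
// Returns plain attributes so the policy can be checked without a real DOM.
function sandboxedPreviewAttrs(modelOutput) {
  const csp = "default-src 'none'; style-src 'unsafe-inline'; img-src data:";
  return {
    sandbox: '',                     // empty value = every restriction applied
    referrerpolicy: 'no-referrer',
    srcdoc: '<meta http-equiv="Content-Security-Policy" content="' + csp + '">' + modelOutput,
  };
}

// Mounts option 2; `doc` is the page document (passed in so the function is testable).
function mountSandboxedPreview(doc, container, modelOutput) {
  const frame = doc.createElement('iframe');
  for (const [name, value] of Object.entries(sandboxedPreviewAttrs(modelOutput))) {
    frame.setAttribute(name, value);
  }
  container.replaceChildren(frame);
  return frame;
}
```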