PT-2024-38582 · Devikaai · Devikaai

Joshua Martinelle

Published

2024-08-14

Updated

2024-08-20

CVE-2024-7790

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions DevikaAI versions from commit 6acce21fb08c3d1123ef05df6a33912bf0ee77c2 onwards

Description A stored cross site scripting issue exists due to improperly decoded user input. This allows for the storage and subsequent execution of malicious scripts, potentially leading to unauthorized actions on behalf of the user.

Recommendations For versions from commit 6acce21fb08c3d1123ef05df6a33912bf0ee77c2 onwards, consider implementing proper input decoding and validation to prevent the storage of malicious scripts. As a temporary workaround, restrict user input to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2024-7790

Affected Products

Devikaai

PT-2024-38582 · Devikaai · Devikaai

CVE-2024-7790

Weakness Enumeration

Related Identifiers

Affected Products

References · 6