PT-2025-12106 · Serge · Serge

Published: 2025-03-20 · Updated: 2025-03-22 · CVE-2024-11441

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions

Serge version 0.9.0

Description

A stored cross-site scripting (XSS) issue exists due to improper neutralization of input during web page generation in the chat prompt. An attacker can exploit this by sending a crafted message containing malicious HTML/JavaScript code, which will be stored and executed whenever the chat is accessed, leading to unintended content being shown to the user and potential phishing attacks.

Recommendations

For Serge version 0.9.0, update to a version that properly neutralizes input during web page generation to prevent the storage and execution of malicious code. As a temporary workaround, consider restricting the use of the chat prompt feature until a patch is available.

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2024-11441

Affected Products

Serge