Vulnerability Information
Vulnerability Title
Prompt Injection triggered XSS vulnerability in Khoj Obsidian, Desktop and Web clients
Vulnerability Description
Khoj is an application that creates personal AI agents. The Khoj Obsidian, Desktop and Web clients inadequately sanitize the AI model's response and user inputs. This can trigger Cross Site Scripting (XSS) via Prompt Injection from untrusted documents either indexed by the user on Khoj or read by Khoj from the internet when the user invokes the /online command. This vulnerability is fixed in 1.13.0.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:L
Vulnerability Type
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Vulnerability Title
Khoj security vulnerability
Vulnerability Description
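Khoj is an application open-sourced by Khoj AI. It creates always-available personal AI agents for users. Khoj versions before 1.13.0 contain a security vulnerability that stems from insufficient sanitization of the AI model's responses and user inputs, which may lead to a cross-site scripting (XSS) vulnerability.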
CVSS Information
N/A
Vulnerability Type
N/A