Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Stored XSS in stitionai/devika
Vulnerability Description
A stored Cross-Site Scripting (XSS) vulnerability exists in the stitionai/devika chat feature, allowing attackers to inject malicious payloads into the chat input. This vulnerability is due to the lack of input validation and sanitization on both the frontend and backend components of the application. Specifically, the application fails to sanitize user input in the chat feature, leading to the execution of arbitrary JavaScript code in the context of the user's browser session. This issue affects all versions of the application. The impact of this vulnerability includes the potential for stolen credentials, extraction of sensitive information from chat logs, projects, and other data accessible through the application.
CVSS Information
N/A
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Devika 跨站脚本漏洞
Vulnerability Description
Devika是Stition AI的一位高级 AI 软件工程师,可以理解高级人类指令,将它们分解为步骤,研究相关信息,并编写代码以实现给定的目标。 Devika 存在跨站脚本漏洞,该漏洞源于HTML输入的清理不当和CORS配置错误。
CVSS Information
N/A
Vulnerability Type
N/A