CVE-2024-5711
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Published: Jul 8, 2024
Updated: Jul 11, 2024
CWE ID 79
Summary
CVE-2024-5711 is a stored Cross-Site Scripting (XSS) vulnerability in the chat feature of stitionai/devika. The flaw arises from insufficient input validation and sanitization in both the frontend and backend components of the application. Attackers can inject malicious payloads into the chat input, which results in arbitrary JavaScript executing in users' browser sessions. This puts sensitive information, including credentials and chat logs, at risk, and affects all versions of the application.