CVE-2024-5711

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published: Jul 8, 2024
Updated: Jul 11, 2024
CWE ID 79

Summary

CVE-2024-5711 is a stored Cross-Site Scripting (XSS) vulnerability affecting the stitionai/devika chat feature. The flaw arises due to insufficient input validation and sanitization on both frontend and backend components of the application. Attackers can inject malicious payloads into the chat input, resulting in the execution of arbitrary JavaScript code in users' browser sessions. This issue puts sensitive information, including credentials and chat logs, at risk and affects all versions of the application.
