CVE-2024-7790
CVSS 3.1 Score 5.4 of 10 (medium)
Details
Summary
CVE-2024-7790 is a stored cross-site scripting (XSS) vulnerability affecting DevikaAI starting from commit 6acce21fb08c3d1123ef05df6a33912bf0ee77c2. This issue allows an attacker to inject malicious scripts into web pages viewed by other users, potentially leading to data theft or unauthorized system access. The vulnerability arises from DevikaAI's failure to properly decode user inputs, enabling the attacker to manipulate data stored on the server side and execute scripts in the context of the victim's browser. This could result in a range of harmful actions, such as session hijacking, data exfiltration, and privilege escalation. Users are advised to apply the necessary patches as soon as they become available to mitigate this risk.