3 matches found
EUVD-2026-38197
A weakness has been identified in kortix-ai suna up to 0.8.38. Affected by this issue is the function router.replace/router.push of the file apps/frontend/src/app/auth/page.tsx of the component Auth Endpoint. Executing a manipulation of the argument returnURL can lead to cross site scripting. The...
CVE-2026-12811
The CVE affects kortix-ai suna prior to 0.8.39, specifically the Auth Endpoint’s frontend component at apps/frontend/src/app/auth/page.tsx. The vulnerability stems from router.push/replace handling of the returnURL argument, enabling cross-site scripting. Exploitation is possible remotely and the...
PT-2026-51258
Name of the Vulnerable Software and Affected Versions kortix-ai suna versions prior to 0.8.39 Description A weakness in the Auth Endpoint component allows for remote cross-site scripting XSS, which is a technique where malicious scripts are injected into trusted websites. The issue exists within...