Stitionai Devika

4 matches found

CVE
added 2024/07/09 12:15 a.m., 55 views

CVE-2024-5549

A CORS misconfiguration in the stitionai/devika repository allows attackers to steal sensitive information such as logs, browser sessions, and settings containing private API keys from other services. This vulnerability also enables attackers to perform actions on behalf of the user, such as deleti...

CVSS: 8.1 | AI score: 7.9 | EPSS: 0.00062

CVE
added 2024/07/08 12:15 a.m., 38 views

CVE-2024-5711

A stored Cross-Site Scripting (XSS) vulnerability exists in the stitionai/devika chat feature, allowing attackers to inject malicious payloads into the chat input. This vulnerability is due to the lack of input validation and sanitization on both the frontend and backend components of the applicati...

CVSS: 8.1 | AI score: 6.3 | EPSS: 0.00181

CVE
added 2024/06/27 7:15 p.m., 37 views

CVE-2024-5820

An unprotected WebSocket connection in the latest version of stitionai/devika (commit ecee79f) allows a malicious website to connect to the backend and issue commands on behalf of the user. The backend serves all listeners on the given socket, enabling any such malicious website to intercept all co...

CVSS: 8.8 | AI score: 7.7 | EPSS: 0.00353

CVE
added 2024/06/28 8:15 p.m., 36 views

CVE-2024-5712

A Cross-Site Request Forgery (CSRF) vulnerability was identified in the stitionai/devika application, affecting the latest version. This vulnerability allows attackers to perform unauthorized actions in the context of a victim's browser, such as deleting projects or changing application settings, w...

CVSS: 8.1 | AI score: 8.1 | EPSS: 0.00054