High

devika

Stored XSS Vulnerability in Chat Functionality

A stored XSS vulnerability was discovered in the chat functionality of the application, allowing attackers to inject malicious scripts. The affected version is not specified, and the issue has not yet been patched.

Available publicly on Jul 08 2024

8.1

CVE:

CVE-2024-5711

CWE:

79:Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS:

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Credit:

acciobugs
AssessDetect

Premium

Remediate
Remediation Steps
  • Sanitize all user inputs on both the frontend and backend to ensure that no malicious scripts can be injected.
  • Implement Content Security Policy (CSP) headers to mitigate the impact of any injected scripts.
  • Regularly review and update dependencies to ensure that any known vulnerabilities are patched.
  • Conduct thorough security testing, including automated and manual testing, to identify and remediate similar vulnerabilities.
Patch Details
  • Fixed Version: -
  • Patch Commit: https://github.com/stitionai/devika/commit/6acce21fb08c3d1123ef05df6a33912bf0ee77c2
Want more out of Sightline?

Sightline offers even more for premium customers

Go Premium

We have - related security advisories that are available with Sightline Premium.