CVE-2024-43396
- Reference to the description:
- Description:
- Khoj is an application that creates personal AI agents. The Automation feature allows a user to insert arbitrary HTML inside the task instructions, resulting in a Stored XSS. The q parameter for the /api/automation endpoint does not get correctly sanitized when rendered on the page, resulting in the ability of users to inject arbitrary HTML/JS. This vulnerability is fixed in 1.15.0.
- Last updated date:
- 09/03/2024
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 09/03/2024
- Reference url to background:
- https://github.com/khoj-ai/khoj/security/advisories/GHSA-cf72-vg59-4j4h