Vulnerabilities > Stitionai

DATE CVE VULNERABILITY TITLE RISK
2024-08-14 CVE-2024-7790 Cross-site Scripting vulnerability in Stitionai Devika
A stored cross site scripting vulnerabilities exists in DevikaAI from commit 6acce21fb08c3d1123ef05df6a33912bf0ee77c2 onwards via improperly decoded user input.
network
low complexity
stitionai CWE-79
5.4
2024-08-04 CVE-2024-6331 Injection vulnerability in Stitionai Devika
stitionai/devika main branch as of commit cdfb782b0e634b773b10963c8034dc9207ba1f9f is vulnerable to Local File Read (LFI) by Prompt Injection.
network
low complexity
stitionai CWE-74
6.5
2024-07-24 CVE-2024-40422 Path Traversal vulnerability in Stitionai Devika 1.0
The snapshot_path parameter in the /api/get-browser-snapshot endpoint in stitionai devika v1 is susceptible to a path traversal attack.
network
low complexity
stitionai CWE-22
critical
9.1
2024-07-08 CVE-2024-5711 Unspecified vulnerability in Stitionai Devika
A stored Cross-Site Scripting (XSS) vulnerability exists in the stitionai/devika chat feature, allowing attackers to inject malicious payloads into the chat input.
network
low complexity
stitionai
6.1