Vulnerabilities > Stitionai > Devika > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-14 | CVE-2024-7790 | Cross-site Scripting vulnerability in Stitionai Devika A stored cross site scripting vulnerabilities exists in DevikaAI from commit 6acce21fb08c3d1123ef05df6a33912bf0ee77c2 onwards via improperly decoded user input. | 5.4 |
| 2024-08-04 | CVE-2024-6331 | Injection vulnerability in Stitionai Devika stitionai/devika main branch as of commit cdfb782b0e634b773b10963c8034dc9207ba1f9f is vulnerable to Local File Read (LFI) by Prompt Injection. | 6.5 |
| 2024-07-08 | CVE-2024-5711 | Unspecified vulnerability in Stitionai Devika A stored Cross-Site Scripting (XSS) vulnerability exists in the stitionai/devika chat feature, allowing attackers to inject malicious payloads into the chat input. | 6.1 |