Home > Vulnerability Database > CVE-2024-43396

Mend.io Vulnerability Database

CVE-2024-43396

Date: August 20, 2024

Khoj is an application that creates personal AI agents. The Automation feature allows a user to insert arbitrary HTML inside the task instructions, resulting in a Stored XSS. The q parameter for the /api/automation endpoint does not get correctly sanitized when rendered on the page, resulting in the ability of users to inject arbitrary HTML/JS. This vulnerability is fixed in 1.15.0.

Language: Python

Severity Score

5.4

Related Resources (6)

Url: https://github.com/khoj-ai/khoj

Url: https://github.com/khoj-ai/khoj/commit/1c7a562880eeb7354325545d2cf6c5d1d1134812

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-43396

Url: https://github.com/khoj-ai/khoj/security/advisories/GHSA-cf72-vg59-4j4h

Url: https://github.com/khoj-ai/khoj/commit/55be90cdd2f9d6a09c8bf9ceea52fc36b9201626

Url: https://www.mend.io/vulnerability-database/CVE-2024-43396

Severity Score

5.4

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

CVSS v3.1

Base Score:	5.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-43396

Date: August 20, 2024

Language: Python

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?