{"data":{"id":"59f6fd4f-de29-4d09-8905-7457e43c7c10","title":"CVE-2024-6706: Attackers can craft a malicious prompt that coerces the language model into executing arbitrary JavaScript in the contex","summary":"CVE-2024-6706 is a vulnerability where attackers can write malicious prompts that trick a language model into running arbitrary JavaScript (code that executes in a web browser) on a webpage. This is a type of cross-site scripting (XSS) attack, where untrusted input is not properly cleaned before being displayed on a web page, allowing attackers to inject malicious code.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2024-6706","publishedAt":"2024-08-07T23:15:41.350Z","cveId":"CVE-2024-6706","cweIds":["CWE-79","CWE-79"],"cvssScore":"6.1","cvssSeverity":"medium","severity":"medium","attackType":["prompt_injection"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":[],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00189,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-198","CAPEC-86"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.75,"researchCategory":null,"atlasIds":null}}