{"data":{"id":"ed5aaaa3-57f0-4a5d-84bb-eeaa7da97be6","title":"CVE-2024-43396: Khoj is an application that creates personal AI agents. The Automation feature allows a user to insert arbitrary HTML in the q parameter of the /api/automation endpoint, resulting in stored XSS","summary":"Khoj, an application that creates personal AI agents, has a stored cross-site scripting (XSS, CWE-79) vulnerability in its Automation feature: the value of the q parameter of the /api/automation endpoint is not properly neutralized before it is stored and later rendered, so a user can submit arbitrary HTML and JavaScript. Because the payload is persisted, it executes whenever the page that renders it is loaded, which means the injected script can run in the browser of other users who view that page and act within their session.","solution":"This vulnerability is fixed in version 1.15.0; upgrade to 1.15.0 or later. Because the payload is stored, automation entries created before the upgrade may still contain malicious content and should be reviewed after upgrading.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2024-43396","publishedAt":"2024-08-20T21:15:14.897Z","cveId":"CVE-2024-43396","cweIds":["CWE-79","CWE-79"],"cvssScore":"5.4","cvssSeverity":"medium","severity":"medium","attackType":["rag_poisoning"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Khoj"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00924,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-198","CAPEC-86"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["integrity","confidentiality"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}