{"data":{"id":"f7cbecf5-68cb-42f4-97f6-2c502c849375","title":"CVE-2026-27169: OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Versions 1.1.2-a","summary":"OpenSift is an AI study tool that uses semantic search (finding information by meaning rather than exact keywords) and generative AI to analyze large datasets. In versions 1.1.2-alpha and below, the chat interface renders untrusted content unsafely, which allows XSS (cross-site scripting, where attackers inject malicious code that runs in a user's browser). An attacker who can modify stored study materials could have JavaScript execute when a legitimate user views that content, potentially letting the attacker perform actions as that user within the application.","solution":"This issue has been fixed in version 1.1.3-alpha.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-27169","publishedAt":"2026-02-21T00:16:16.810Z","cveId":"CVE-2026-27169","cweIds":["CWE-79","CWE-116"],"cvssScore":"8.9","cvssSeverity":"high","severity":"high","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["OpenSift"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00048,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-198","CAPEC-86"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["integrity","confidentiality"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}