CVE-2024-7790 MEDIUM

CVE-2024-7790: DevikaAI Stored Cross-Site Scripting

Vendor Devikia
Product DevikaAI
Published August 14, 2024
Last update March 25, 2025

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

A stored cross site scripting vulnerabilities exists in DevikaAI from commit 6acce21fb08c3d1123ef05df6a33912bf0ee77c2 onwards via improperly decoded user input.

Key dates

02Disclosure timeline

August 14, 2024 CVE published
March 25, 2025 Record updated