GHSA-22c2-92rp-fgpfMediumCVSS 6.3

A Cross Site Scripting vulnerability exists in the Kimi AI v1.0 web interface's 'Preview' feature...

Published
June 3, 2026
Last Modified
June 3, 2026

🔗 CVE IDs covered (1)

📋 Description

A Cross Site Scripting vulnerability exists in the Kimi AI v1.0 web interface's 'Preview' feature. The application fails to properly sanitize or encode HTML/JavaScript payloads generated by the AI model. When a user switches to the 'Preview' tab to view AI-generated code, the malicious payload is rendered directly into the DOM, leading to arbitrary JavaScript execution in the victim's browser session.

🔗 References (4)