GHSA-22c2-92rp-fgpfMediumCVSS 6.3
A Cross Site Scripting vulnerability exists in the Kimi AI v1.0 web interface's 'Preview' feature...
🔗 CVE IDs covered (1)
📋 Description
A Cross Site Scripting vulnerability exists in the Kimi AI v1.0 web interface's 'Preview' feature. The application fails to properly sanitize or encode HTML/JavaScript payloads generated by the AI model. When a user switches to the 'Preview' tab to view AI-generated code, the malicious payload is rendered directly into the DOM, leading to arbitrary JavaScript execution in the victim's browser session.