Stored Cross-Site Scripting Vulnerability in Serge Software by Sergetech
CVE-2024-11441

6.1 MEDIUM

Key Information:

Vendor: Serge-chat
CVE Published: 20 March 2025

What is CVE-2024-11441?

A stored cross-site scripting (XSS) vulnerability exists in Serge version 0.9.0 due to improper data handling during the generation of web pages in the chat prompt feature. This flaw allows an attacker to craft a malicious message containing HTML or JavaScript code, which is then stored on the server. Whenever users access the chat, the malicious content is executed, potentially leading to the display of unauthorized information and increasing the risk of phishing attacks. Addressing this vulnerability is critical for maintaining the integrity and security of user interactions.

Affected Version(s)

serge-chat/serge <= unspecified

CVSS V3.0

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
