Submission #837175: Kortix AI Suna < 0.8.39 DOM-XSS, Open Redirect (info)

Title: Kortix AI Suna < 0.8.39 DOM-XSS, Open Redirect

Description: A DOM-based Cross-Site Scripting (XSS) vulnerability has been discovered in Kortix AI Suna's /auth and /auth/password pages. The application improperly trusts a URL parameter (returnUrl), which is passed to router.replace and router.push. An attacker can craft a malicious link that, when opened by an authenticated user, performs a client-side redirect and executes arbitrary JavaScript in the context of their browser. This could lead to session hijacking, credential theft, internal network pivoting, and unauthorized actions performed on behalf of the victim.

Note to moderator: The issue was fixed in v0.8.39 without notifying the wider user base via a security disclosure. It is reasonable that users self-hosting the product are unaware of the vulnerability. I have attempted to reach out to the vendor regarding a GitHub security advisory, but they have not responded after a month.

- CVD: https://gist.github.com/TrebledJ/fe7241910ac0aaeff86243fc88e9ffed
- Release v0.8.39: https://github.com/kortix-ai/suna/releases/tag/v0.8.39
- Git commit: https://github.com/kortix-ai/suna/commit/f5dec7aa0c1b8fa0125938f292c0f2430ca75f6c
- Vendor: https://github.com/kortix-ai
- Product: https://github.com/kortix-ai/suna

Similar entries are VDB-365540, VDB-365539, VDB-356245, and VDB-358037.

Source: https://gist.github.com/TrebledJ/fe7241910ac0aaeff86243fc88e9ffed
User: trebledj (UID 94356)
Submitted: 2026-05-26 11:09 (28 days ago)
Moderation: 2026-06-21 06:35 (26 days later)
Status: Accepted
VulDB entry: 372605 [kortix-ai suna up to 0.8.38 Auth Endpoint page.tsx router.replace/router.push returnURL Cross-Site Scripting]
Points: 20
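The following JavaScript is an added illustration of the class of bug the submission describes, not code from the Suna project, the submitter's gist, or the fixing commit. It places the unsafe pattern (a returnUrl query parameter handed straight to a router) next to a same-origin guard. The router object, APP_ORIGIN, DEFAULT_DEST and the sample links are constructed assumptions for the demo.

```javascript
// Added example: untrusted returnUrl handed to a router vs. a same-origin guard.
// The router, APP_ORIGIN and the sample links below are constructed assumptions,
// not code from the Suna project.

// Assumption: the application's own origin (window.location.origin in a browser).
const APP_ORIGIN = "https://app.example";
const DEFAULT_DEST = "/dashboard";

// Minimal stand-in for a Next.js-style router that records where it was sent.
function makeRouter() {
  const calls = [];
  return {
    calls,
    replace(dest) { calls.push(["replace", dest]); },
    push(dest) { calls.push(["push", dest]); },
  };
}

// Vulnerable pattern: whatever sits in ?returnUrl= goes straight to the router,
// so javascript: URIs and foreign hosts are followed as-is.
function vulnerableAfterLogin(search, router) {
  const returnUrl = new URLSearchParams(search).get("returnUrl") || DEFAULT_DEST;
  router.replace(returnUrl);
  return returnUrl;
}

// Guard: resolve the parameter against our own origin and keep only a
// same-origin path. This rejects javascript:/data: URIs (their origin is
// "null"), absolute URLs to other hosts, protocol-relative //host, and
// backslash variants such as "/\evil.example" that the URL parser treats as
// a host in special schemes.
function safeReturnUrl(raw, fallback = DEFAULT_DEST, origin = APP_ORIGIN) {
  if (typeof raw !== "string" || raw.length === 0 || raw.length > 2048) return fallback;
  let parsed;
  try {
    parsed = new URL(raw, origin);
  } catch {
    return fallback;
  }
  if (parsed.origin !== origin) return fallback;
  const dest = parsed.pathname + parsed.search + parsed.hash;
  // A pathname like "//evil.example" (reachable via "/.//evil.example") would be
  // re-read as protocol-relative by a later router.push, so reject it too.
  if (!dest.startsWith("/") || dest.startsWith("//")) return fallback;
  return dest;
}

// Hardened pattern: same flow, but every destination passes through the guard.
function hardenedAfterLogin(search, router) {
  const dest = safeReturnUrl(new URLSearchParams(search).get("returnUrl"));
  router.replace(dest);
  return dest;
}

// Constructed sample query strings: one legitimate, the rest attacker-crafted.
const SAMPLE_LINKS = [
  "?returnUrl=/dashboard?tab=agents",
  "?returnUrl=javascript:alert(document.cookie)",
  "?returnUrl=//evil.example/phish",
  "?returnUrl=https://evil.example/phish",
  "?returnUrl=/\\evil.example",
  "?returnUrl=/.//evil.example",
];

// Runs both patterns over the sample links and returns where each would send the user.
function demo() {
  return SAMPLE_LINKS.map((link) => ({
    link,
    vulnerable: vulnerableAfterLogin(link, makeRouter()),
    hardened: hardenedAfterLogin(link, makeRouter()),
  }));
}
```

An allowlist of known in-app paths is stricter still and is the better choice when the set of post-login destinations is small; the origin-based guard above is the minimum that closes both the script-URI and the open-redirect vectors named in the description.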
