{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T01:57:00.396","vulnerabilities":[{"cve":{"id":"CVE-2024-11441","sourceIdentifier":"security@huntr.dev","published":"2025-03-20T10:15:25.110","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A stored cross-site scripting (XSS) vulnerability exists in Serge version 0.9.0. The vulnerability is due to improper neutralization of input during web page generation in the chat prompt. An attacker can exploit this vulnerability by sending a crafted message containing malicious HTML/JavaScript code, which will be stored and executed whenever the chat is accessed, leading to unintended content being shown to the user and potential phishing attacks."},{"lang":"es","value":"Existe una vulnerabilidad de Cross-Site Scripting (XSS) almacenado en la versión 0.9.0 de Serge. Esta vulnerabilidad se debe a la neutralización incorrecta de la entrada durante la generación de páginas web en el mensaje de chat. Un atacante puede explotar esta vulnerabilidad enviando un mensaje manipulado con código HTML/JavaScript malicioso, que se almacenará y ejecutará al acceder al chat, lo que provocará la visualización de contenido no deseado al usuario y posibles ataques de phishing."}],"metrics":{"cvssMetricV30":[{"source":"security@huntr.dev","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"security@huntr.dev","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://huntr.com/bounties/ae76d1ea-21a4-456d-bef2-331aef3ea376","source":"security@huntr.dev"}]}}]}