CVE-2026-27169
HIGH 8.9
Description
OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Versions 1.1.2-alpha and below render untrusted user/model content in chat tool UI surfaces using unsafe HTML interpolation patterns, leading to XSS. Stored content can execute JavaScript when later viewed in authenticated sessions. An attacker who can influence stored study/quiz/flashcard content could trigger script execution in a victim’s browser, potentially performing actions as that user in the local app session. This issue has been fixed in version 1.1.3-alpha.
CVE details
CVSS v3.1 score: 8.9
Severity: HIGH
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L
Attack vector: NETWORK
Complexity: LOW
Privileges required: LOW
User interaction: REQUIRED
Published: 2/21/2026
Last modified: 2/23/2026
Source: nvd
Honeypot sightings: 0
Affected products
opensift:opensift
Weaknesses (CWE)
CWE-79, CWE-116
References
https://github.com/OpenSift/OpenSift/releases/tag/v1.1.3-alpha (security-advisories@github.com)
https://github.com/OpenSift/OpenSift/security/advisories/GHSA-qrpx-7cmv-5gv5 (security-advisories@github.com)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.