CVE-2024-6578

Опубликовано: 29 июл. 2024

Источник: nvd

CVSS3: 7.2

CVSS3: 5.4

EPSS Низкий

Описание

A stored cross-site scripting (XSS) vulnerability exists in aimhubio/aim version 3.19.3. The vulnerability arises from the improper neutralization of input during web page generation, specifically in the logs-tab for runs. The terminal output logs are displayed using the dangerouslySetInnerHTML function in React, which is susceptible to XSS attacks. An attacker can exploit this vulnerability by injecting malicious scripts into the logs, which will be executed when a user views the logs-tab.

Ссылки

https://huntr.com/bounties/5b1ebc67-5346-44aa-b8b8-3c1c09d79680
Exploit
Issue Tracking
Third Party Advisory
https://huntr.com/bounties/5b1ebc67-5346-44aa-b8b8-3c1c09d79680
Exploit
Issue Tracking
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:aimstack:aim:3.19.3:*:*:*:*:*:*:*

EPSS

Процентиль: 53%

0.00304

Низкий

7.2 High

CVSS3

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-p9f2-jg9w-cx69

CVSS3: 6.1

github

больше 1 года назад

Aim Stored Cross-site Scripting Vulnerability

EPSS

Процентиль: 53%

0.00304

Низкий

7.2 High

CVSS3

5.4 Medium

CVSS3

Дефекты

CWE-79