Описание
A stored cross-site scripting (XSS) vulnerability exists in modelscope/agentscope, as of the latest commit 21161fe on the main branch. The vulnerability occurs in the view for inspecting detailed run information, where a user-controllable string (run ID) is appended and rendered as HTML. This allows an attacker to execute arbitrary JavaScript code in the context of the user's browser.
Уязвимые конфигурации
Конфигурация 1Версия до 2024-08-09 (включая)
cpe:2.3:a:modelscope:agentscope:*:*:*:*:*:*:*:*
EPSS
Процентиль: 22%
0.00073
Низкий
6.1 Medium
CVSS3
6.1 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 6.1
github
11 месяцев назад
AgentScope stored cross-site scripting (XSS) vulnerability
EPSS
Процентиль: 22%
0.00073
Низкий
6.1 Medium
CVSS3
6.1 Medium
CVSS3
Дефекты
CWE-79