CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-8101

A stored cross-site scripting (XSS) vulnerability exists in the Text Explorer component of aimhubio/aim version 3.23.0. The vulnerability arises due to the use of `dangerouslySetInnerHTML` without proper sanitization, allowing arbitrary JavaScript execution when rendering tracked texts. This can be exploited by injecting malicious HTML content during the training process, which is then rendered unsanitized in the Text Explorer.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 24.0%

CVSS Severity

CVSS v3 Score 7.2

References

https://huntr.com/bounties/60cf2b93-a9a2-435e-a222-3d6abde26adb
https://huntr.com/bounties/60cf2b93-a9a2-435e-a222-3d6abde26adb

Products affected by CVE-2024-8101

Aimstack » Aim » Version: 3.23.0

cpe:2.3:a:aimstack:aim:3.23.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-8101

Products

Pricing

Contact Us