A stored cross-site scripting (XSS) vulnerability exists in aimhubio/aim version 3.19.3. The vulnerability arises from the improper neutralization of input during web page generation, specifically in the logs-tab for runs. The terminal output logs are displayed using the `dangerouslySetInnerHTML` function in React, which is susceptible to XSS attacks. An attacker can exploit this vulnerability by injecting malicious scripts into the logs, which will be executed when a user views the logs-tab.
References
Link | Resource |
---|---|
https://huntr.com/bounties/5b1ebc67-5346-44aa-b8b8-3c1c09d79680 | Exploit Issue Tracking Third Party Advisory |
https://huntr.com/bounties/5b1ebc67-5346-44aa-b8b8-3c1c09d79680 | Exploit Issue Tracking Third Party Advisory |
Configurations
History
21 Nov 2024, 09:49
Type | Values Removed | Values Added |
---|---|---|
References | () https://huntr.com/bounties/5b1ebc67-5346-44aa-b8b8-3c1c09d79680 - Exploit, Issue Tracking, Third Party Advisory |
20 Aug 2024, 14:51
Type | Values Removed | Values Added |
---|---|---|
References | () https://huntr.com/bounties/5b1ebc67-5346-44aa-b8b8-3c1c09d79680 - Exploit, Issue Tracking, Third Party Advisory | |
CPE | cpe:2.3:a:aimstack:aim:3.19.3:*:*:*:*:*:*:* | |
First Time |
Aimstack aim
Aimstack |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
30 Jul 2024, 13:33
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
29 Jul 2024, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-07-29 19:15
Updated : 2024-11-21 09:49
NVD link : CVE-2024-6578
Mitre link : CVE-2024-6578
CVE.ORG link : CVE-2024-6578
JSON object : View
Products Affected
aimstack
- aim
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')