CVE-2024-8101

Exploit

EPSS 0.08%
Veröffentlicht 20.03.2025 10:11:29
Zuletzt bearbeitet 01.04.2025 20:32:35
Quelle security@huntr.dev
CVE-Watchlists
Login
Unerledigt
Login

A stored cross-site scripting (XSS) vulnerability exists in the Text Explorer component of aimhubio/aim version 3.23.0. The vulnerability arises due to the use of `dangerouslySetInnerHTML` without proper sanitization, allowing arbitrary JavaScript execution when rendering tracked texts. This can be exploited by injecting malicious HTML content during the training process, which is then rendered unsanitized in the Text Explorer.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Aimstack ≫ Aim Version3.23.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.08%	0.241

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
security@huntr.dev	7.2	3.9	2.7	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://huntr.com/bounties/60cf2b93-a9a2-435e-a222-3d6abde26adb

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2024-8101

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-8101

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-8101

EUVD