CVE-2024-8101

Medium CVSS: 6.1

A stored cross-site scripting (XSS) vulnerability exists in the Text Explorer component of aimhubio/aim version 3.23.0. The vulnerability arises due to the use of `dangerouslySetInnerHTML` without proper sanitization, allowing arbitrary JavaScript execution when rendering tracked texts. This can be exploited by injecting malicious HTML content during the training process, which is then rendered unsanitized in the Text Explorer.

Vendor

Aimstack

Product

Aim

CWE

CWE-79

Yayın Tarihi

2025-03-20 10:15:41

Güncelleme

2025-04-01 20:32:35

Source Identifier

security@huntr.dev

KEV Date Added

Kategoriler

CWE-79 Aim MEDIUM Aimstack 2025

Referanslar

https://huntr.com/bounties/60cf2b93-a9a2-435e-a222-3d6abde26adb https://huntr.com/bounties/60cf2b93-a9a2-435e-a222-3d6abde26adb

Benzer Kayıtlar

High

CVE-2025-51464

Cross-site Scripting (XSS) in aimhubio Aim 3.28.0 allows remote attackers to execute arbitrary JavaScript in victims bro…

High

CVE-2025-51463

Path Traversal in restore_run_backup() in AIM 3.28.0 allows remote attackers to write arbitrary files to the server's fi…

Medium

CVE-2025-5321

A vulnerability classified as critical was found in aimhubio aim up to 3.29.1. This vulnerability affects the function R…

High

CVE-2025-0189

In version 3.25.0 of aimhubio/aim, the tracking server is vulnerable to a denial of service attack. The server overrides…

High

CVE-2025-0190

In version 3.25.0 of aimhubio/aim, a denial of service vulnerability exists. By tracking a large number of `Text` object…

Critical

CVE-2024-8769

A vulnerability in the `LockManager.release_locks` function in aimhubio/aim (commit bb76afe) allows for arbitrary file d…