Skip to main content

Aim CVE-2024-8863

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2024-09-14 cna@vuldb.com
5.3
CVSS 4.0 · Vendor: vuldb
Share

Severity by source

Vendor (vuldb) PRIMARY
5.3 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from Vendor (vuldb) · only source for this CVE.

CVSS VectorVendor: vuldb

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

1
CVE Published
Sep 14, 2024 - 23:15 cve.org
MEDIUM 5.3

DescriptionCVE.org

A vulnerability, which was classified as problematic, was found in aimhubio aim up to 3.24. Affected is the function dangerouslySetInnerHTML of the file textbox.tsx of the component Text Explorer. The manipulation of the argument query leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

A vulnerability, which was classified as problematic, was found in aimhubio aim up to 3.24. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. A vulnerability, which was classified as problematic, was found in aimhubio aim up to 3.24. Affected is the function dangerouslySetInnerHTML of the file textbox.tsx of the component Text Explorer. The manipulation of the argument query leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Affected products include: Aimstack Aim. Version information: up to 3.24..

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

More in Aim

View all
CVE-2024-6396 CRITICAL POC
9.8 Jul 12

A vulnerability in the `_backup_run` function in aimhubio/aim version 3.19.3 allows remote attackers to overwrite any fi

CVE-2024-2195 CRITICAL POC
9.8 Apr 10

A critical Remote Code Execution (RCE) vulnerability was identified in the aimhubio/aim project, specifically within the

CVE-2024-6829 CRITICAL POC
9.1 Mar 20

A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to exploit the `tarfile.extractall()` function to extr

CVE-2024-2196 HIGH POC
8.8 Apr 10

aimhubio/aim is vulnerable to Cross-Site Request Forgery (CSRF), allowing attackers to perform actions such as deleting

CVE-2021-43775 HIGH POC
8.6 Nov 23

Aim is an open-source, self-hosted machine learning experiment tracking tool. Rated high severity (CVSS 8.6), this vulne

CVE-2024-8238 HIGH POC
8.1 Mar 20

In version 3.22.0 of aimhubio/aim, the AimQL query language uses an outdated version of the safer_getattr() function fro

CVE-2024-6851 HIGH POC
7.5 Mar 20

In version 3.22.0 of aimhubio/aim, the LocalFileManager._cleanup function in the aim tracking server accepts a user-spec

CVE-2024-10110 HIGH POC
7.5 Mar 20

In version 3.23.0 of aimhubio/aim, the ScheduledStatusReporter object can be instantiated to run on the main thread of t

CVE-2025-0190 HIGH POC
7.5 Mar 20

In version 3.25.0 of aimhubio/aim, a denial of service vulnerability exists. Rated high severity (CVSS 7.5), this vulner

CVE-2024-12778 HIGH POC
7.5 Mar 20

A vulnerability in aimhubio/aim version 3.25.0 allows for a denial of service (DoS) attack. Rated high severity (CVSS 7.

CVE-2024-8061 HIGH POC
7.5 Mar 20

In version 3.23.0 of aimhubio/aim, certain methods that request data from external servers do not have set timeouts, cau

CVE-2024-6227 HIGH POC
7.5 Jul 08

A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to cause an infinite loop by configuring the remote tr

Share

CVE-2024-8863 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy