Home > Vulnerability Database > CVE-2024-6578

Mend.io Vulnerability Database

CVE-2024-6578

Date: July 29, 2024

A stored cross-site scripting (XSS) vulnerability exists in aimhubio/aim version 3.19.3. The vulnerability arises from the improper neutralization of input during web page generation, specifically in the logs-tab for runs. The terminal output logs are displayed using the "dangerouslySetInnerHTML" function in React, which is susceptible to XSS attacks. An attacker can exploit this vulnerability by injecting malicious scripts into the logs, which will be executed when a user views the logs-tab.

Language: Python

Severity Score

5.4

Related Resources (4)

Url: https://huntr.com/bounties/5b1ebc67-5346-44aa-b8b8-3c1c09d79680

Url: https://github.com/aimhubio/aim

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-6578

Url: https://www.mend.io/vulnerability-database/CVE-2024-6578

Severity Score

5.4

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

CVSS v3.1

Base Score:	5.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-6578

Date: July 29, 2024

Language: Python

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?