CVE-2024-8863 – aim
Package
Manager: pip
Name: aim
Vulnerable Version: >=0 <=3.24.0
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS: 0.00031 (percentile 0.07229)
Details
Aim Stored XSS through TEXT EXPLORER
A vulnerability, which was classified as problematic, was found in aimhubio aim up to 3.24. Affected is the function dangerouslySetInnerHTML of the file textbox.tsx of the component Text Explorer. The manipulation of the argument query leads to cross-site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Metadata
Created: 2024-09-16T14:37:27Z
Modified: 2024-09-20T19:48:59Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/09/GHSA-pmhg-f7wc-c97m/GHSA-pmhg-f7wc-c97m.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-pmhg-f7wc-c97m
Finding: F425
Auto approve: 1