Vulnerabilities > CVE-2024-8101 - Unspecified vulnerability in Aimstack AIM 3.23.0

CVSS 6.1 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

aimstack

NVD

Published: 2025-03-20

Updated: 2025-04-01

Summary

A stored cross-site scripting (XSS) vulnerability exists in the Text Explorer component of aimhubio/aim version 3.23.0. The vulnerability arises due to the use of `dangerouslySetInnerHTML` without proper sanitization, allowing arbitrary JavaScript execution when rendering tracked texts. This can be exploited by injecting malicious HTML content during the training process, which is then rendered unsanitized in the Text Explorer.

Vulnerable Configurations

Part	Description	Count
Application	Aimstack Aimstack AIM 3.23.0	1

References

https://huntr.com/bounties/60cf2b93-a9a2-435e-a222-3d6abde26adb
https://huntr.com/bounties/60cf2b93-a9a2-435e-a222-3d6abde26adb