Vulnerabilities > CVE-2024-8556 - Unspecified vulnerability in Modelscope Agentscope

CVSS 6.1 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

modelscope

NVD

Published: 2025-03-20

Updated: 2025-04-01

Summary

A stored cross-site scripting (XSS) vulnerability exists in modelscope/agentscope, as of the latest commit 21161fe on the main branch. The vulnerability occurs in the view for inspecting detailed run information, where a user-controllable string (run ID) is appended and rendered as HTML. This allows an attacker to execute arbitrary JavaScript code in the context of the user's browser.

Vulnerable Configurations

Part	Description	Count
Application	Modelscope Modelscope Agentscope *	1

References

https://huntr.com/bounties/8439f16b-5256-4466-bb7d-371572572a4b
https://huntr.com/bounties/8439f16b-5256-4466-bb7d-371572572a4b