Stored Cross-Site Scripting Vulnerability in AimHubIO's Text Explorer Component
CVE-2024-8101

6.1 MEDIUM

Key Information:

Vendor: Aimhubio
CVE Published: 20 March 2025

Summary

A stored cross-site scripting (XSS) vulnerability has been identified in the Text Explorer component of AimHubIO's Aim version 3.23.0. This flaw is primarily due to the improper use of dangerouslySetInnerHTML, which allows the insertion of unverified HTML content. As a result, attackers can execute arbitrary JavaScript by injecting malicious code during the training process. Once this content is rendered in the Text Explorer without appropriate sanitization, it can lead to unauthorized actions and data exposure, compromising the integrity of the application.
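The pattern described in the summary, next to two hardened forms, as an added example that is not code from Aim or from this advisory. All function names are hypothetical, the sample string is constructed, and the search-highlighting use case is an assumption (the advisory does not say why the component renders HTML).

```javascript
// Added example: hypothetical helper names, not taken from the Aim code base.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five characters that can open or break out of HTML markup.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: text tracked during training reaches the DOM as HTML,
// so any markup stored in it is parsed by the browser of whoever opens the view.
function unsafeCellProps(trackedText) {
  return { dangerouslySetInnerHTML: { __html: String(trackedText) } };
}

// Preferred fix: hand the text to React as children, which are rendered
// as a text node and never parsed as markup.
function safeCellProps(trackedText) {
  return { children: String(trackedText) };
}

// If the component must emit markup (assumed here: highlighting a search
// term), escape every piece of untrusted text first and add only tags
// that the component itself generates.
function highlightedCellProps(trackedText, query) {
  const text = String(trackedText);
  if (!query) {
    return { dangerouslySetInnerHTML: { __html: escapeHtml(text) } };
  }
  const needle = String(query);
  const mark = '<mark>' + escapeHtml(needle) + '</mark>';
  const html = text.split(needle).map(escapeHtml).join(mark);
  return { dangerouslySetInnerHTML: { __html: html } };
}

// Constructed sample of tracked text that contains markup.
const SAMPLE = 'loss < 0.5 <script>x</script>';
console.log('unsafe :', unsafeCellProps(SAMPLE).dangerouslySetInnerHTML.__html);
console.log('escaped:', highlightedCellProps(SAMPLE, 'loss').dangerouslySetInnerHTML.__html);
```
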

Affected Version(s)

aimhubio/aim <= unspecified

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

CVSS V3.0

Score: 7.2
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
