{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-23T07:13:29.752","vulnerabilities":[{"cve":{"id":"CVE-2024-45856","sourceIdentifier":"6f8de1f0-f67e-45a6-b68f-98777fdb759c","published":"2024-09-12T13:15:15.373","lastModified":"2026-06-17T07:54:58.347","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A cross-site scripting (XSS) vulnerability exists in all versions of the MindsDB platform, enabling the execution of a JavaScript payload whenever a user enumerates an ML Engine, database, project, or dataset containing arbitrary JavaScript code within the web UI."},{"lang":"es","value":"Existe una vulnerabilidad de Cross-site Scripting (XSS) en todas las versiones de la plataforma MindsDB, que permite la ejecución de un payload de JavaScript cada vez que un usuario enumera un motor de aprendizaje automático, una base de datos, un proyecto o un conjunto de datos que contiene código JavaScript arbitrario dentro de la interfaz de usuario web."}],"affected":[{"source":"6f8de1f0-f67e-45a6-b68f-98777fdb759c","affectedData":[{"vendor":"mindsdb","product":"mindsdb","defaultStatus":"unaffected","repo":"https://github.com/mindsdb/mindsdb","versions":[{"version":"*","status":"affected"}]}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","affectedData":[{"vendor":"mindsdb","product":"mindsdb","defaultStatus":"unknown","cpes":["cpe:2.3:a:mindsdb:mindsdb:*:*:*:*:*:*:*:*"],"versions":[{"version":"0","lessThan":"*","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"6f8de1f0-f67e-45a6-b68f-98777fdb759c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H","baseScore":9.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.3,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-09-12T16:55:06.284110Z","id":"CVE-2024-45856","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"6f8de1f0-f67e-45a6-b68f-98777fdb759c","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mindsdb:mindsdb:*:*:*:*:*:*:*:*","matchCriteriaId":"5A28523E-29C7-43A7-AC1A-9C16ECC9F40E"}]}]}],"references":[{"url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/","source":"6f8de1f0-f67e-45a6-b68f-98777fdb759c","tags":["Exploit","Third Party Advisory"]}]}}]}