{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-22T13:02:36.043","vulnerabilities":[{"cve":{"id":"CVE-2024-6578","sourceIdentifier":"security@huntr.dev","published":"2024-07-29T19:15:13.170","lastModified":"2024-11-21T09:49:55.233","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A stored cross-site scripting (XSS) vulnerability exists in aimhubio/aim version 3.19.3. The vulnerability arises from the improper neutralization of input during web page generation, specifically in the logs-tab for runs. The terminal output logs are displayed using the `dangerouslySetInnerHTML` function in React, which is susceptible to XSS attacks. An attacker can exploit this vulnerability by injecting malicious scripts into the logs, which will be executed when a user views the logs-tab."},{"lang":"es","value":" Existe una vulnerabilidad de Cross Site Scripting (XSS) almacenado en aimhubio/aim versión 3.19.3. La vulnerabilidad surge de la neutralización incorrecta de la entrada durante la generación de la página web, específicamente en la pestaña de registros para ejecuciones. Los registros de salida del terminal se muestran utilizando la función `dangerfullySetInnerHTML` en React, que es susceptible a ataques XSS. Un atacante puede aprovechar esta vulnerabilidad inyectando scripts maliciosos en los registros, que se ejecutarán cuando un usuario vea la pestaña de registros."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV30":[{"source":"security@huntr.dev","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.7}]},"weaknesses":[{"source":"security@huntr.dev","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:aimstack:aim:3.19.3:*:*:*:*:*:*:*","matchCriteriaId":"3385F0DE-BFDD-45D6-A0DF-3175FF3A4805"}]}]}],"references":[{"url":"https://huntr.com/bounties/5b1ebc67-5346-44aa-b8b8-3c1c09d79680","source":"security@huntr.dev","tags":["Exploit","Issue Tracking","Third Party Advisory"]},{"url":"https://huntr.com/bounties/5b1ebc67-5346-44aa-b8b8-3c1c09d79680","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Issue Tracking","Third Party Advisory"]}]}}]}