{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-22T12:13:28.991","vulnerabilities":[{"cve":{"id":"CVE-2024-8556","sourceIdentifier":"security@huntr.dev","published":"2025-03-20T10:15:43.230","lastModified":"2025-04-01T20:31:16.397","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A stored cross-site scripting (XSS) vulnerability exists in modelscope/agentscope, as of the latest commit 21161fe on the main branch. The vulnerability occurs in the view for inspecting detailed run information, where a user-controllable string (run ID) is appended and rendered as HTML. This allows an attacker to execute arbitrary JavaScript code in the context of the user's browser."},{"lang":"es","value":"Existe una vulnerabilidad de Cross-Site Scripting (XSS) almacenado en modelscope/agentscope, a partir del último commit 21161fe en la rama principal. La vulnerabilidad se produce en la vista para inspeccionar información detallada de la ejecución, donde se añade una cadena controlable por el usuario (ID de ejecución) y se representa como HTML. Esto permite a un atacante ejecutar código JavaScript arbitrario en el contexto del navegador del usuario."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV30":[{"source":"security@huntr.dev","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"security@huntr.dev","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:modelscope:agentscope:*:*:*:*:*:*:*:*","versionEndIncluding":"2024-08-09","matchCriteriaId":"5726D6D6-9147-4E3C-910A-4BCAC19B5764"}]}]}],"references":[{"url":"https://huntr.com/bounties/8439f16b-5256-4466-bb7d-371572572a4b","source":"security@huntr.dev","tags":["Exploit"]},{"url":"https://huntr.com/bounties/8439f16b-5256-4466-bb7d-371572572a4b","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit"]}]}}]}