Lucene search

VulDBCVE-2024-8863

HistorySep 14, 2024 - 11:15 p.m.

CVE-2024-8863

2024-09-1423:15:11

CWE-79

VulDB

web.nvd.nist.gov

vulnerability

aimhubio

cross site scripting

3.24

text explorer

disclosure

remote attack

vendor contacted

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

3.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

CVSS4

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/SC:N/VI:L/SI:N/VA:N/SA:N

AI Score

3.8

Confidence

High

EPSS

Percentile

16.3%

JSON

A vulnerability, which was classified as problematic, was found in aimhubio aim up to 3.24. Affected is the function dangerouslySetInnerHTML of the file textbox.tsx of the component Text Explorer. The manipulation of the argument query leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected configurations

Vulners

Vulnrichment

Node

aimhubioaimMatch3.0

aimhubioaimMatch3.1

aimhubioaimMatch3.2

aimhubioaimMatch3.3

aimhubioaimMatch3.4

aimhubioaimMatch3.5

aimhubioaimMatch3.6

aimhubioaimMatch3.7

aimhubioaimMatch3.8

aimhubioaimMatch3.9

aimhubioaimMatch3.10

aimhubioaimMatch3.11

aimhubioaimMatch3.12

aimhubioaimMatch3.13

aimhubioaimMatch3.14

aimhubioaimMatch3.15

aimhubioaimMatch3.16

aimhubioaimMatch3.17

aimhubioaimMatch3.18

aimhubioaimMatch3.19

aimhubioaimMatch3.20

aimhubioaimMatch3.21

aimhubioaimMatch3.22

aimhubioaimMatch3.23

aimhubioaimMatch3.24

VendorProductVersionCPE
aimhubioaim3.0cpe:2.3:a:aimhubio:aim:3.0:*:*:*:*:*:*:*
aimhubioaim3.1cpe:2.3:a:aimhubio:aim:3.1:*:*:*:*:*:*:*
aimhubioaim3.2cpe:2.3:a:aimhubio:aim:3.2:*:*:*:*:*:*:*
aimhubioaim3.3cpe:2.3:a:aimhubio:aim:3.3:*:*:*:*:*:*:*
aimhubioaim3.4cpe:2.3:a:aimhubio:aim:3.4:*:*:*:*:*:*:*
aimhubioaim3.5cpe:2.3:a:aimhubio:aim:3.5:*:*:*:*:*:*:*
aimhubioaim3.6cpe:2.3:a:aimhubio:aim:3.6:*:*:*:*:*:*:*
aimhubioaim3.7cpe:2.3:a:aimhubio:aim:3.7:*:*:*:*:*:*:*
aimhubioaim3.8cpe:2.3:a:aimhubio:aim:3.8:*:*:*:*:*:*:*
aimhubioaim3.9cpe:2.3:a:aimhubio:aim:3.9:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
aimhubio	aim	3.0	cpe:2.3:a:aimhubio:aim:3.0:::::::*
aimhubio	aim	3.1	cpe:2.3:a:aimhubio:aim:3.1:::::::*
aimhubio	aim	3.2	cpe:2.3:a:aimhubio:aim:3.2:::::::*
aimhubio	aim	3.3	cpe:2.3:a:aimhubio:aim:3.3:::::::*
aimhubio	aim	3.4	cpe:2.3:a:aimhubio:aim:3.4:::::::*
aimhubio	aim	3.5	cpe:2.3:a:aimhubio:aim:3.5:::::::*
aimhubio	aim	3.6	cpe:2.3:a:aimhubio:aim:3.6:::::::*
aimhubio	aim	3.7	cpe:2.3:a:aimhubio:aim:3.7:::::::*
aimhubio	aim	3.8	cpe:2.3:a:aimhubio:aim:3.8:::::::*
aimhubio	aim	3.9	cpe:2.3:a:aimhubio:aim:3.9:::::::*

Rows per page:

1-10 of 251

CNA Affected

[
  {
    "vendor": "aimhubio",
    "product": "aim",
    "versions": [
      {
        "version": "3.0",
        "status": "affected"
      },
      {
        "version": "3.1",
        "status": "affected"
      },
      {
        "version": "3.2",
        "status": "affected"
      },
      {
        "version": "3.3",
        "status": "affected"
      },
      {
        "version": "3.4",
        "status": "affected"
      },
      {
        "version": "3.5",
        "status": "affected"
      },
      {
        "version": "3.6",
        "status": "affected"
      },
      {
        "version": "3.7",
        "status": "affected"
      },
      {
        "version": "3.8",
        "status": "affected"
      },
      {
        "version": "3.9",
        "status": "affected"
      },
      {
        "version": "3.10",
        "status": "affected"
      },
      {
        "version": "3.11",
        "status": "affected"
      },
      {
        "version": "3.12",
        "status": "affected"
      },
      {
        "version": "3.13",
        "status": "affected"
      },
      {
        "version": "3.14",
        "status": "affected"
      },
      {
        "version": "3.15",
        "status": "affected"
      },
      {
        "version": "3.16",
        "status": "affected"
      },
      {
        "version": "3.17",
        "status": "affected"
      },
      {
        "version": "3.18",
        "status": "affected"
      },
      {
        "version": "3.19",
        "status": "affected"
      },
      {
        "version": "3.20",
        "status": "affected"
      },
      {
        "version": "3.21",
        "status": "affected"
      },
      {
        "version": "3.22",
        "status": "affected"
      },
      {
        "version": "3.23",
        "status": "affected"
      },
      {
        "version": "3.24",
        "status": "affected"
      }
    ],
    "modules": [
      "Text Explorer"
    ]
  }
]

References

rumbling-slice-eb0.notion.site/Stored-XSS-through-TEXT-EXPLORER-in-aimhubio-aim-d0f07b7194724950a673498546d80d43?pvs=4

vuldb.com/?ctiid.277500

vuldb.com/?id.277500

vuldb.com/?submit.403203

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

3.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

CVSS4

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/SC:N/VI:L/SI:N/VA:N/SA:N

AI Score

3.8

Confidence

High

EPSS

Percentile

16.3%

JSON

Related for CVE-2024-8863