13 matches found
AIxBlock Cross-Site Scripting Vulnerability
AIxBlock is an AI automation platform. A cross-site scripting vulnerability exists in AIxBlock version 04f305, which stems from a modeldesc field that does not validate input and can be exploited by an attacker to cause a stored cross-site scripting attack...
CVE-2025-60950
An arbitrary file upload vulnerability in the Data Preparation function of AIxBlock commit f60975 allows attackers to execute arbitrary code via a crafted SVG file...
EUVD-2025-37048
An arbitrary file upload vulnerability in the Data Preparation function of AIxBlock commit f60975 allows attackers to execute arbitrary code via a crafted SVG file...
EUVD-2025-37047
A stored cross-site scripting XSS vulnerability in AIxBlock commit 04f305 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the modeldesc field...
CVE-2025-63885
A stored cross-site scripting XSS vulnerability in AIxBlock commit 04f305 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the modeldesc field...
CVE-2025-60950
An arbitrary file upload vulnerability in the Data Preparation function of AIxBlock commit f60975 allows attackers to execute arbitrary code via a crafted SVG file...
CVE-2025-63885
The CVE-2025-63885 vulnerability affects AIxBlock at commit 04f305, where the model_desc field does not validate input, enabling stored XSS that can cause arbitrary web scripts/HTML to be executed in a victim’s browser. Impact per the entry is Low for confidentiality and integrity, with no availa...
AIxBlock 安全漏洞
AIxBlock is an AI automation platform open-sourced by AIxBlock. AIxBlock has a security vulnerability that stems from an arbitrary file upload vulnerability in the Data Preparation feature that could lead to the execution of arbitrary code...
PT-2025-44434
Name of the Vulnerable Software and Affected Versions AIxBlock commit f60975 Description An arbitrary file upload issue exists in the Data Preparation function. Successful exploitation of this issue allows attackers to execute arbitrary code by uploading a crafted SVG file. Recommendations At the...
CVE-2025-63885
A stored cross-site scripting XSS vulnerability in AIxBlock commit 04f305 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the modeldesc field...
CVE-2025-63885
A stored cross-site scripting XSS vulnerability in AIxBlock commit 04f305 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the modeldesc field...
CVE-2025-60950
The CVE-2025-60950 entry refers to an arbitrary file upload vulnerability in AIxBlock’s Data Preparation function, tied to commit f60975. The issue allows an attacker to upload a crafted SVG file that could lead to arbitrary code execution. Affected component: Data Preparation function of AIxBloc...
CVE-2025-60950
An arbitrary file upload vulnerability in the Data Preparation function of AIxBlock commit f60975 allows attackers to execute arbitrary code via a crafted SVG file...