3 matches found
CVE-2024-8556
A stored cross-site scripting XSS vulnerability exists in modelscope/agentscope, as of the latest commit 21161fe on the main branch. The vulnerability occurs in the view for inspecting detailed run information, where a user-controllable string run ID is appended and rendered as HTML. This allows ...
CVE-2024-8556 Stored XSS in modelscope/agentscope
A stored cross-site scripting XSS vulnerability exists in modelscope/agentscope, as of the latest commit 21161fe on the main branch. The vulnerability occurs in the view for inspecting detailed run information, where a user-controllable string run ID is appended and rendered as HTML. This allows ...
CVE-2024-8556
CVE-2024-8556 affects modelscope/agentscope with a stored XSS in the run-details view where a user-controllable run ID is appended and rendered as HTML, enabling arbitrary JavaScript in the victim’s browser. The issue is tied to dashboard.js rendering logic; PoC in Snyk shows a crafted run_id, co...