CVE-2024-8863

Summary

A vulnerability, which was classified as problematic, was found in aimhubio aim up to 3.24. Affected is the function dangerouslySetInnerHTML of the file textbox.tsx of the component Text Explorer. The manipulation of the argument query leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected Software

VendorProductVersion RangeStatus
aimhubioaim3.0affected
aimhubioaim3.1affected
aimhubioaim3.2affected
aimhubioaim3.3affected
aimhubioaim3.4affected
aimhubioaim3.5affected
aimhubioaim3.6affected
aimhubioaim3.7affected
aimhubioaim3.8affected
aimhubioaim3.9affected
aimhubioaim3.10affected
aimhubioaim3.11affected
aimhubioaim3.12affected
aimhubioaim3.13affected
aimhubioaim3.14affected
aimhubioaim3.15affected
aimhubioaim3.16affected
aimhubioaim3.17affected
aimhubioaim3.18affected
aimhubioaim3.19affected
aimhubioaim3.20affected
aimhubioaim3.21affected
aimhubioaim3.22affected
aimhubioaim3.23affected
aimhubioaim3.24affected

Weaknesses

  • CWE-79: Cross Site Scripting

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References