CVE-2024-8863

Advisory

A critical security vulnerability affects the aimhubio aim library. The vulnerability exists in the dangerouslySetInnerHTML function of the file textbox.tsx within the Text Explorer component. Attackers can exploit this vulnerability by manipulating the query argument, leading to cross-site scripting (XSS). This allows remote execution of malicious scripts in the context of the victim's browser, potentially compromising user data or performing unauthorized actions. The vulnerability has been publicly disclosed, and exploits may exist in the wild.

Affected package

Affected versions

Fixed versions

Vulnerability changelog

This vulnerability has no description

Resources

• https://github.com/advisories/GHSA-pmhg-f7wc-c97m
• https://rumbling-slice-eb0.notion.site/Stored-XSS-through-TEXT-EXPLORER-in-aimhubio-aim-d0f07b7194724950a673498546d80d43?pvs=4
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8863