A stored Cross-Site Scripting (XSS) vulnerability was identified in the zenml-io/zenml repository, specifically within the 'logo_url' field. By injecting malicious payloads into this field, an attacker could send harmful messages to other users, potentially compromising their accounts. The vulnerability affects version 0.55.3 and was fixed in version 0.56.2. The impact of exploiting this vulnerability could lead to user account compromise.
References
Link | Resource |
---|---|
https://github.com/zenml-io/zenml/commit/68bcb3ba60cba9729c9713a49c39502d40fb945e | Patch |
https://huntr.com/bounties/cee06a28-7e3b-460b-b504-69add838ebe8 | Exploit Issue Tracking Patch Third Party Advisory |
Configurations
History
11 Oct 2024, 14:15
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:zenml:zenml:*:*:*:*:*:*:*:* | |
References | () https://github.com/zenml-io/zenml/commit/68bcb3ba60cba9729c9713a49c39502d40fb945e - Patch | |
References | () https://huntr.com/bounties/cee06a28-7e3b-460b-b504-69add838ebe8 - Exploit, Issue Tracking, Patch, Third Party Advisory | |
First Time |
Zenml zenml
Zenml |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.8 |
07 Jun 2024, 14:56
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
06 Jun 2024, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-06-06 19:15
Updated : 2024-10-11 14:15
NVD link : CVE-2024-2171
Mitre link : CVE-2024-2171
CVE.ORG link : CVE-2024-2171
JSON object : View
Products Affected
zenml
- zenml
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')