Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Cross-site Scripting (XSS) in aimhubio Aim 3.28.0 allows remote attackers to execute arbitrary JavaScript in victims browsers via malicious Python code submitted to the /api/reports endpoint, which is interpreted and executed by Pyodide when the report is viewed. No sanitisation or sandbox restrictions prevent JavaScript execution via pyodide.code.run_js().
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Aim 跨站脚本漏洞
Vulnerability Description
Aim是美国Aim开源的一个易于使用和高性能的开源实验跟踪器。 Aim 3.28.0版本存在安全漏洞,该漏洞源于/api/reports端点存在跨站脚本漏洞,可能导致在受害者浏览器中执行任意JavaScript。
CVSS Information
N/A
Vulnerability Type
N/A