Description

A stored Cross-Site Scripting (XSS) vulnerability was identified in the zenml-io/zenml repository, specifically within the 'logo_url' field. By injecting malicious payloads into this field, an attacker could send harmful messages to other users, potentially compromising their accounts. The vulnerability affects version 0.55.3 and was fixed in version 0.56.2. The impact of exploiting this vulnerability could lead to user account compromise.

INFO

Published Date :

2024-06-06T18:22:31.301Z

Last Modified :

2024-08-09T18:41:46.790Z

Source :

@huntr_ai
AFFECTED PRODUCTS

The following products are affected by CVE-2024-2171 vulnerability.

Vendors Products
Zenml
  • Zenml
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-2171.

URL Resource
https://github.com/zenml-io/zenml/commit/68bcb3ba60cba9729c9713a49c39502d40fb945e cve-icon cve-icon cve-icon
https://huntr.com/bounties/cee06a28-7e3b-460b-b504-69add838ebe8 cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact