3.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2024-8863

GHSA ID

GHSA-pmhg-f7wc-c97m

EPSS Score

0.05527%

CWE

CWE-79

Published

9/16/2024

Updated

9/20/2024

KEV Status

Technology

Python

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2024-8863

CVE-2024-8863: Aim Stored XSS through TEXT EXPLORER

A vulnerability, which was classified as problematic, was found in aimhubio aim up to 3.24. Affected is the function dangerouslySetInnerHTML of the file textbox.tsx of the component Text Explorer. The manipulation of the argument query leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

(GitHub Advisory)

3.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2024-8863

GHSA ID

GHSA-pmhg-f7wc-c97m

EPSS Score

0.05527%

CWE

CWE-79

Published

9/16/2024

Updated

9/20/2024

KEV Status

Technology

Python

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
aim	pip	<= 3.24.0

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability documentation explicitly identifies dangerouslySetInnerHTML in textbox.tsx as the vulnerable pattern. This React API bypasses built-in XSS protections by design when used with untrusted input. The CWE-79 classification and multiple independent sources (GitHub Advisory, NVD, VulDB) consistently attribute the vulnerability to this specific function's handling of the 'query' parameter. The high confidence comes from direct mentions in all vulnerability descriptions and alignment with known dangerous React patterns.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

* vuln*r**ility, w*i** w*s *l*ssi*i** *s pro*l*m*ti*, w*s *oun* in *im*u*io *im up to *.**. *****t** is t** *un*tion **n**rouslyS*tInn*r*TML o* t** *il* t*xt*ox.tsx o* t** *ompon*nt T*xt *xplor*r. T** m*nipul*tion o* t** *r*um*nt qu*ry l***s to *ross

Reasoning

T** vuln*r**ility *o*um*nt*tion *xpli*itly i**nti*i*s `**n**rouslyS*tInn*r*TML` in `t*xt*ox.tsx` *s t** vuln*r**l* p*tt*rn. T*is R***t *PI *yp*ss*s *uilt-in XSS prot**tions *y **si*n w**n us** wit* untrust** input. T** *W*-** *l*ssi*i**tion *n* multi

3.5

Basic Information

Concerned about an active attack path?

CVE-2024-8863: Aim Stored XSS through TEXT EXPLORER

3.5

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI