CVE-2024-8863: Aim Stored XSS through TEXT EXPLORER

CVSS Score: 3.5 (CVSS 3.1)

Basic Information

EPSS Score: 0.05527%
Published: 9/16/2024
Updated: 9/20/2024
KEV Status: No
Technology: Python

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Package Name: aim
Ecosystem: pip
Vulnerable Versions: <= 3.24.0
First Patched Version: (none listed)

Vulnerability Intelligence
Root Cause Analysis

The vulnerability documentation explicitly identifies `dangerouslySetInnerHTML` in `textbox.tsx` as the vulnerable pattern. This React API bypasses built-in XSS protections by design when used with untrusted input. The CWE-79 classification and multiple independent sources (GitHub Advisory, NVD, VulDB) consistently attribute the vulnerability to this specific function's handling of the 'query' parameter. The high confidence comes from direct mentions in all vulnerability descriptions and alignment with known dangerous React patterns.
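
The pattern described above, as an added example that is not Aim's code: a query highlighter whose output would be handed to `dangerouslySetInnerHTML`, first with the raw query interpolated into markup, then with every piece escaped before the `<mark>` tags are added. The function names and the highlighting logic are assumptions, since the page does not show `textbox.tsx`; the sample input is constructed and uses harmless `<b>` tags to show markup passing through.

```javascript
// Hypothetical helpers for illustration; not taken from Aim's textbox.tsx.

// Escape the characters that are significant in HTML text and attributes.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Escape regex metacharacters so the query is matched literally.
function escapeRegExp(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

// UNSAFE: text and query are placed into the HTML string as-is, so any markup
// in either one becomes live DOM once the string reaches dangerouslySetInnerHTML.
function highlightUnsafe(text, query) {
  if (!query) return text;
  return text.split(query).join(`<mark>${query}</mark>`);
}

// SAFE: split the raw text on the literal query, escape every piece, and only
// then wrap the matches. The only tags in the output are the <mark> pairs
// this function writes itself.
function highlightSafe(text, query) {
  if (!query) return escapeHtml(text);
  const re = new RegExp(`(${escapeRegExp(query)})`, "gi");
  return text
    .split(re) // with a capture group, odd indices hold the matches
    .map((part, i) => (i % 2 === 1 ? `<mark>${escapeHtml(part)}</mark>` : escapeHtml(part)))
    .join("");
}

// Constructed sample: stored text and a query that both contain markup.
const sampleText = "loss <b>spike</b> at step 10";
const sampleQuery = "<b>spike</b>";
console.log(highlightUnsafe(sampleText, sampleQuery));
console.log(highlightSafe(sampleText, sampleQuery));
```

Where the highlight can be expressed as React elements (an array of strings and `<mark>` elements), rendering those as children avoids `dangerouslySetInnerHTML` entirely, because React escapes string children by default.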
