CNNVD-202507-2909 Information

CNNVD ID

CNNVD-202507-2909

CVE-2025-51464

  • CNNVD Published: 2025-07-22

Description

Aim is an easy-to-use, high-performance open-source experiment tracker released as open source by Aim (United States). Aim version 3.28.0 contains a security vulnerability: a cross-site scripting flaw in the /api/reports endpoint, which may lead to execution of arbitrary JavaScript in the victim's browser.

Hazard Level

Medium

Vulnerability Type

Cross-site scripting

Affected Vendor

Aim

Published

2025-07-22

Last Modified

2026-02-24

References

  • https://github.com/aimhubio/aim/pull/3333
  • https://www.gecko.security/blog/cve-2025-51464
  • https://nvd.nist.gov/vuln/detail/CVE-2025-51464
  • https://access.redhat.com/security/cve/cve-2025-51464

Patch

https://aimstack.io/
