CVE-2024-45856 Information

Description

A cross-site scripting (XSS) vulnerability exists in all versions of the MindsDB platform enabling the execution of a JavaScript payload whenever a user enumerates an ML Engine database project or dataset containing arbitrary JavaScript code within the web UI.

Reference

https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/