CVE-2024-8556 Information

Description

A stored cross-site scripting (XSS) vulnerability exists in modelscope/agentscope as of the latest commit 21161fe on the main branch. The vulnerability occurs in the view for inspecting detailed run information where a user-controllable string (run ID) is appended and rendered as HTML. This allows an attacker to execute arbitrary JavaScript code in the context of the user’s browser.

Reference

https://huntr.com/bounties/8439f16b-5256-4466-bb7d-371572572a4b https://huntr.com/bounties/8439f16b-5256-4466-bb7d-371572572a4b