CVE-2024-8556
published 2025-03-20
Priority P4 · 26 · medium · 6.1 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.39% (30.8th percentile)
A stored cross-site scripting (XSS) vulnerability exists in modelscope/agentscope, as of the latest commit 21161fe on the main branch. The vulnerability occurs in the view for inspecting detailed run information, where a user-controllable string (run ID) is appended and rendered as HTML. This allows an attacker to execute arbitrary JavaScript code in the context of the user's browser.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| modelscope | agentscope | <= 2024-08-09 | — |
| modelscope | agentscope | 0 – 0.1.1 | — |
| modelscope | modelscope_agentscope | unspecified – latest | — |
CVSS provenance
nvd · v3.1 · 6.1 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd · v3.0 · 6.1 MEDIUM · CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
OSV
AgentScope stored cross-site scripting (XSS) vulnerability
osv·2025-03-20
CVE-2024-8556 [MEDIUM] AgentScope stored cross-site scripting (XSS) vulnerability
GHSA
AgentScope stored cross-site scripting (XSS) vulnerability
ghsa·2025-03-20
CVE-2024-8556 [MEDIUM] CWE-79 AgentScope stored cross-site scripting (XSS) vulnerability
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-03-20
Published