Google · Google-Cloud-Aiplatform · CVE-2026-2472
**Name of the Vulnerable Software and Affected Versions**
Google Cloud Vertex AI SDK (google-cloud-aiplatform) versions 1.98.0 through 1.130.9
**Description**
A Stored Cross-Site Scripting (XSS) issue exists in the `_genai/_evals_visualization` component of Google Cloud Vertex AI SDK. This allows an unauthenticated remote attacker to execute arbitrary JavaScript within a victim's Jupyter or Colab environment. The attack is carried out by injecting script escape sequences into model evaluation results or dataset JSON data.
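The bug class described above, shown as an added example that is not the SDK's code or its fix: it assumes a notebook visualization that inlines result JSON into a `<script>` element. The template, the function names and the sample record are constructed for illustration.

```python
import json
import re

# Constructed sample: one evaluation record with an attacker-influenced field.
# The string closes the surrounding script element and adds a harmless marker tag.
SAMPLE_RESULT = {
    "prompt": "Summarise the report",
    "response": "done</script><b id=injected>marker</b>",
}

# Hypothetical notebook template (assumption): data is inlined into a script element.
TEMPLATE = "<div id='viz'></div><script>const DATA = {payload};</script>"


def render_unsafe(result):
    """json.dumps alone leaves '<', '>' and '/' untouched, so '</script>' survives."""
    return TEMPLATE.format(payload=json.dumps(result))


def json_for_script(obj):
    """Serialise obj so it cannot terminate or reopen an HTML script context."""
    # ensure_ascii=True already escapes U+2028/U+2029, which older JS engines
    # treat as line terminators inside string literals.
    text = json.dumps(obj, ensure_ascii=True)
    return (text.replace("&", "\\u0026")
                .replace("<", "\\u003c")
                .replace(">", "\\u003e"))


def render_safe(result):
    """Same template, but the payload can no longer leave the script context."""
    return TEMPLATE.format(payload=json_for_script(result))


def closing_script_tags(html):
    """Count '</script' sequences; the template itself contributes exactly one."""
    return len(re.findall(r"</script", html, flags=re.IGNORECASE))


if __name__ == "__main__":
    print("unsafe:", closing_script_tags(render_unsafe(SAMPLE_RESULT)))
    print("safe:  ", closing_script_tags(render_safe(SAMPLE_RESULT)))
```

The escaped payload is still valid JSON and JavaScript, so the visualization receives the same data while the HTML parser never sees a tag boundary inside it.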
**Recommendations**
Update to a version later than 1.130.9.