Philipp Schneider

#39008 of 53,633
7.1 Total CVSS
Vulnerabilities · 1
PT-2024-39677
7.1
2024-11-18
Unknown · Kubeflow Pipeline View · CVE-2024-9526
**Name of the Vulnerable Software and Affected Versions**

Kubeflow Pipeline View (affected versions not specified)

**Description**

The issue concerns a stored XSS vulnerability in the Kubeflow Pipeline View web UI. This vulnerability allows an attacker to inject malicious HTML code into the description field when creating a new pipeline, as the field does not properly filter HTML tags. This can lead to a stored XSS attack.

**Recommendations**

Upgrade past commit 930c35f1c543998e60e8d648ce93185c9b5dbe8d to resolve the issue. As a temporary workaround, consider restricting the use of HTML tags in the description field to minimize the risk of exploitation.