CVE-2024-8556

Name of the Vulnerable Software and Affected Versions modelscope/agentscope version 21161fe

Description A stored cross-site scripting (XSS) issue exists in the view for inspecting detailed run information. This occurs because a user-controllable string, the run ID, is appended and rendered as HTML, allowing an attacker to execute arbitrary JavaScript code in the context of the user's browser.

Recommendations As a temporary workaround, consider restricting the rendering of user-controllable strings as HTML in the view for inspecting detailed run information until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.