CVE-2024-2171

A stored Cross-Site Scripting (XSS) vulnerability was identified in the zenml-io/zenml repository, specifically within the 'logo_url' field. By injecting malicious payloads into this field, an attacker could send harmful messages to other users, potentially compromising their accounts. The vulnerability affects version 0.55.3 and was fixed in version 0.56.2. The impact of exploiting this vulnerability could lead to user account compromise.

Published: Jun 6, 2024
Updated: May 4, 2025
CVE: CVE-2024-2171
GHSA: GHSA-vwgf-7f9h-h499
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.8
AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
zenml	-	0.56.2
zenml / zenml	-	0.56.2

https://github.com/zenml-io/zenml/commit/68bcb3ba60cba9729c9713a49c39502d40fb945e
https://huntr.com/bounties/cee06a28-7e3b-460b-b504-69add838ebe8

Vulnerability Database

CVE-2024-2171

Deep Security Visibility Without the Complexity