Safoine El Khabich

2 exploits. Active since Apr 2024.
CVE-2024-2171 MEDIUM WRITEUP
zenml < 0.56.2 - Stored Cross-Site Scripting via Logo URL Field
A stored cross-site scripting (XSS) vulnerability was identified in the zenml-io/zenml repository, specifically in the 'logo_url' field. By injecting malicious payloads into this field, an attacker could send harmful messages to other users, potentially compromising their accounts. The vulnerability affects version 0.55.3 and was fixed in version 0.56.2. Successful exploitation could lead to user account compromise.
CVSS 4.8
CVE-2024-2260 MEDIUM WRITEUP
zenml < 0.56.2 - Session Fixation via JWT Token Reuse
A session fixation vulnerability exists in the zenml-io/zenml application, where JWT tokens used for user authentication are not invalidated upon logout. This flaw allows an attacker to bypass authentication mechanisms by reusing a victim's JWT token.
CVSS 4.2