Primary

Context

AIL Framework Stored Cross-Site Scripting Vulnerability in Modal Item Preview

Vulnerability

A stored cross-site scripting vulnerability has been identified in the AIL Framework prior to version 6.8. The issue arises in the modal item preview feature, where item content exceeding 800 characters is processed. Attacker-controlled content is returned without a proper text/plain content type, allowing the browser to treat the response as active HTML. This could lead to the execution of arbitrary JavaScript in the context of an authenticated user viewing the manipulated item.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected JavaScript is executed in the context of the user viewing the affected item.

Remediation

Users can upgrade to AIL Framework version 6.8 or later to address this vulnerability.

Added: Apr 8, 2026, 10:23 PM

Updated: Apr 8, 2026, 10:23 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.7

exploitability

5.0

remediation

0.0

relevance

5.5

threat

0.0

urgency

5.7

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.7

exploitability

5.0

remediation

0.0

relevance

5.5

threat

0.0

urgency

5.7

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

AIL Framework Stored Cross-Site Scripting Vulnerability in Modal Item Preview

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating