AVID-2026-R1285

Description

Vulnerability CVE-2023-46492

Details

Cross Site Scripting vulnerability in MLDB.ai v.2017.04.17.0 allows a remote attacker to execute arbitrary code via a crafted payload to the public_html/doc/index.html.

Reason for inclusion in AVID: The AVID candidate describes CVE-2023-46492 affecting MLDB.ai, a machine learning/data platform. It is a software vulnerability in an AI software component used in ML workflows, with explicit remote code execution via crafted payload. This affects the AI stack/software supply chain, not hardware/firmware-only. The description and references provide sufficient signal.

References

• NVD entry
• https://gist.github.com/cd80/a75b618419d5afb137cd5a29e8156420

Affected or Relevant Artifacts

• Developer: n/a
• Deployer: n/a
• Artifact Details:

Impact

AVID Taxonomy Categorization

• Risk domains: Security
• SEP subcategories: S0100: Software Vulnerability
• Lifecycle stages: L06: Deployment

Other information

• Report Type: Advisory
• Credits:
• Date Reported: 2023-11-09
• Version: 0.3.3
• AVID Entry