ByteOS Network

ail_framework

Source -

NVD

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2026-39416

Assigner-GitHub, Inc.

View Details

Assigner-GitHub, Inc.

CVSS Score-8.5||HIGH

EPSS-0.04% / 10.91%

7 Day CHG~0.00%

Published-08 Apr, 2026 | 20:11

Updated-15 Apr, 2026 | 19:20

Stored XSS in modal item preview for long item content in AIL Framework

AIL framework is an open-source platform to collect, crawl, process and analyse unstructured data. Prior to 6.8, a stored cross-site scripting (XSS) vulnerability was identified in the modal item preview functionality. When item content longer than 800 characters was processed, attacker-controlled content was returned without an explicit text/plain content type, allowing the browser to interpret the response as active HTML. This could result in execution of arbitrary JavaScript in the context of an authenticated user viewing a crafted item. This vulnerability is fixed in 6.8.

Vendor-circl ail-project

Product-ail_framework ail-framework

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2020-8545

Assigner-MITRE Corporation

View Details

Assigner-MITRE Corporation

CVSS Score-7.5||HIGH

EPSS-0.47% / 64.57%

7 Day CHG~0.00%

Published-03 Feb, 2020 | 15:23

Updated-04 Aug, 2024 | 10:03

Global.py in AIL framework 2.8 allows path traversal.

Vendor-circl n/a

Product-ail_framework n/a

CWE ID-CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')