CVE-2024-5959: Panel: Stored XSS enables session hijack in ML dashboards

CRITICAL
Published September 18, 2024
CISO Take

CVE-2024-5959 is a Stored XSS flaw in Panel (before v2.3.24) that persists malicious JavaScript in the application database, executing silently in every authenticated visitor's browser without requiring any crafted interaction beyond normal navigation. In ML dashboard environments this is acutely dangerous: any ML engineer, data scientist, or platform admin reviewing a poisoned dashboard risks silent exfiltration of session tokens, API credentials, and cloud access keys surfaced in the interface. The package carries 30 CVEs and touches 479 downstream dependents, signaling systemic security debt rather than an isolated lapse. No active exploitation is recorded and EPSS data is unavailable, but Stored XSS is trivially weaponizable once an injection point is identified. Upgrade to Panel v2.3.24 immediately, deploy CSP headers restricting inline scripts, and rotate credentials for users who accessed affected instances during the vulnerable window.

Sources: NVD, OpenSSF

What is the risk?

Medium-high risk for organizations running Panel-based ML dashboards in multi-user or internet-exposed configurations. Stored XSS is reliably exploitable with minimal skill—the payload persists across page loads and targets every authenticated session without requiring victim interaction beyond routine browsing. A 30-CVE history in this package and an OpenSSF Scorecard of 6.5/10 indicate structural security immaturity. The absence of CISA KEV entry and public exploit code moderates urgency, but the attack surface is broad wherever Panel surfaces sensitive operational data to multiple users.

How does the attack unfold?

Initial Injection (AML.T0049)
Attacker with low-privilege access to a Panel instance submits a JavaScript payload into a user-controlled field — annotation, label, or configuration name — that is stored without sanitization in the backend database.

Payload Persistence
The unsanitized script persists in the Panel data store, ensuring it re-executes in the browser context of every subsequent user who loads the affected dashboard view.

Drive-By Execution (AML.T0078)
A privileged ML engineer or platform admin opens the poisoned dashboard during routine model review; their browser executes the attacker's script in the victim's fully authenticated session.

Credential Harvest & Pivot (AML.T0055)
The script exfiltrates session cookies and any API tokens visible in the page to an attacker-controlled endpoint; the attacker uses the stolen credentials to pivot into model serving infrastructure or cloud storage.

What systems are affected?

Package: Panel
Ecosystem: pip
Vulnerable Range: (not listed)
Patched: No patch
Package stats: 5.7K, OpenSSF score 6.5, 479 dependents, pushed 6d ago, 53% patched, ~6d to patch

Do you use Panel? You're affected.

How severe is it?

CVSS 3.1: N/A
EPSS: N/A
Exploitation Status: No known exploitation
Sophistication: Trivial

What should I do?

6 steps
  1. Upgrade Panel to v2.3.24 or later — this is the only complete fix.

  2. Deploy Content Security Policy headers (script-src 'self') on all Panel-served URLs to block inline script execution.

  3. Audit all Panel widgets accepting user-supplied input for proper HTML output encoding before rendering.

  4. Enable WAF rules targeting stored XSS patterns (AWS WAF AWSManagedRulesCommonRuleSet or ModSecurity CRS XSS rules) on Panel endpoints.

  5. Rotate session tokens and API keys for all users who accessed Panel instances in the vulnerable window.

  6. Review Panel access logs for anomalous POST requests to storage-backed fields prior to patching.
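As an added example (not code from the advisory or from the Panel project), the following Python script turns steps 2 and 6 into repeatable checks: it audits a Panel response's CSP and session-cookie attributes, and triages access-log lines for POSTs to storage-backed routes whose decoded request carries script-like markup. The route names, the log format and the sample log lines are assumptions constructed for the example.

```python
import re
from urllib.parse import unquote

# Policy for Panel-served URLs (assumes dashboards need no inline scripts).
PANEL_CSP = "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'"

def header_findings(headers):
    """List gaps in a response's CSP and session-cookie attributes."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    csp = h.get("content-security-policy", "")
    if "script-src" not in csp:
        findings.append("missing script-src directive")
    elif "'unsafe-inline'" in csp:
        findings.append("script-src allows 'unsafe-inline'")
    cookie = h.get("set-cookie", "").lower()
    for flag in ("HttpOnly", "Secure"):  # HttpOnly keeps the token out of document.cookie
        if flag.lower() not in cookie:
            findings.append(f"session cookie lacks {flag}")
    return findings

# Routes that persist user-supplied text (assumed names, not Panel's real routes).
STORAGE_PATHS = ("/annotations", "/labels", "/widgets/config")
# Coarse script-like markup signature; tune it to cut false positives before use.
MARKUP = re.compile(r"<\s*(script|img|svg|iframe)|javascript:", re.I)
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
                    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

def suspicious_posts(log_lines):
    """Return (user, path) for POSTs to storage-backed routes carrying markup."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        path, _, query = m["target"].partition("?")
        if path.startswith(STORAGE_PATHS) and MARKUP.search(unquote(query)):
            hits.append((m["user"], path))
    return hits

# Constructed access-log lines in combined format (not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - alice [18/Sep/2024:10:00:00 +0000] "POST /annotations?text=%3Cscript%3Ex%3C%2Fscript%3E HTTP/1.1" 200 512',
    '203.0.113.6 - bob [18/Sep/2024:10:01:00 +0000] "GET /annotations?text=hello HTTP/1.1" 200 512',
    '203.0.113.7 - carol [18/Sep/2024:10:02:00 +0000] "POST /labels?name=prod%20model HTTP/1.1" 201 64',
]
```

Access logs only carry the query string, so POST bodies need the application's own request logging to be reviewed the same way.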

How is it classified?

Which compliance frameworks are affected?

This CVE is relevant to:

EU AI Act
Article 15 - Accuracy, robustness and cybersecurity
ISO 42001
A.9.2 - Information security in AI system lifecycle
NIST AI RMF
GOVERN 1.1 - Contextual risks of the AI system are identified
OWASP LLM Top 10
LLM02:2025 - Insecure Output Handling

Frequently Asked Questions

What is CVE-2024-5959?

CVE-2024-5959 is a Stored XSS flaw in Panel (before v2.3.24) that persists malicious JavaScript in the application database, executing silently in every authenticated visitor's browser without requiring any crafted interaction beyond normal navigation. In ML dashboard environments this is acutely dangerous: any ML engineer, data scientist, or platform admin reviewing a poisoned dashboard risks silent exfiltration of session tokens, API credentials, and cloud access keys surfaced in the interface. The package carries 30 CVEs and touches 479 downstream dependents, signaling systemic security debt rather than an isolated lapse. No active exploitation is recorded and EPSS data is unavailable, but Stored XSS is trivially weaponizable once an injection point is identified. Upgrade to Panel v2.3.24 immediately, deploy CSP headers restricting inline scripts, and rotate credentials for users who accessed affected instances during the vulnerable window.

Is CVE-2024-5959 actively exploited?

No confirmed active exploitation of CVE-2024-5959 has been reported, but organizations should still patch proactively.

How to fix CVE-2024-5959?

  1. Upgrade Panel to v2.3.24 or later — this is the only complete fix.

  2. Deploy Content Security Policy headers (script-src 'self') on all Panel-served URLs to block inline script execution.

  3. Audit all Panel widgets accepting user-supplied input for proper HTML output encoding before rendering.

  4. Enable WAF rules targeting stored XSS patterns (AWS WAF AWSManagedRulesCommonRuleSet or ModSecurity CRS XSS rules) on Panel endpoints.

  5. Rotate session tokens and API keys for all users who accessed Panel instances in the vulnerable window.

  6. Review Panel access logs for anomalous POST requests to storage-backed fields prior to patching.

What systems are affected by CVE-2024-5959?

This vulnerability affects the following AI/ML architecture patterns: ML dashboards, model monitoring interfaces, multi-user ML experimentation platforms, data visualization pipelines.

What is the CVSS score for CVE-2024-5959?

No CVSS score has been assigned yet.

What is the AI security impact?

Affected AI Architectures

ML dashboards, model monitoring interfaces, multi-user ML experimentation platforms, data visualization pipelines

MITRE ATLAS Techniques

AML.T0049 Exploit Public-Facing Application
AML.T0055 Unsecured Credentials
AML.T0078 Drive-by Compromise

Compliance Controls Affected

EU AI Act: Article 15
ISO 42001: A.9.2
NIST AI RMF: GOVERN 1.1
OWASP LLM Top 10: LLM02:2025

What are the technical details?

Original Advisory

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Eliz Software Panel allows Stored XSS. This issue affects Panel: before v2.3.24.

Exploitation Scenario

An attacker with a low-privilege account on a shared ML monitoring platform injects a JavaScript payload into a user-controlled Panel field — such as a dashboard annotation, saved query label, or widget configuration name. The payload is persisted in the backend database. When a senior ML engineer or platform admin opens the affected dashboard during routine model review, the script executes in their authenticated session and silently POSTs document.cookie to an attacker-controlled endpoint. The attacker reuses the harvested session token to access model serving infrastructure, Jupyter environments, or cloud storage buckets linked from the dashboard.

Weaknesses (CWE)

CWE-79 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'): The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

  • [Architecture and Design] Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid [REF-1482]. Examples of libraries and frameworks that make it easier to generate properly encoded output include Microsoft's Anti-XSS library, the OWASP ESAPI Encoding module, and Apache Wicket.
  • [Implementation, Architecture and Design] Understand the context in which your data will be used and the encoding that will be expected. This is especially important when transmitting data between different components, or when generating outputs that can contain multiple encodings at the same time, such as web pages or multi-part mail messages. Study all expected communication protocols and data representations to determine the required encoding strategies. For any data that will be output to another web page, especially any data that was received from external inputs, use the appropriate encoding on all non-alphanumeric characters. Parts of the same output document may require different encodings, which will vary depending on whether the output is in the HTML body, element attributes (such as src="XYZ"), URIs, JavaScript sections, or Cascading Style Sheets. Note that HTML Entity Encoding is only appropriate for the HTML body. Consult the XSS Prevention Cheat Sheet [REF-724] for more details on the types of encoding and escaping that are needed.

Source: MITRE CWE corpus.
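The exploitation scenario above and the CWE-79 guidance on context-specific encoding both come down to one practice: pick the encoder by where the user-controlled text lands. The Python below is an added example (not the advisory's or Panel's code) that renders a dashboard annotation with a separate encoder for the HTML body, a quoted attribute, a URI and a JSON data block; the annotation field names and markup are assumptions.

```python
import html
import json
from urllib.parse import quote, urlsplit

def esc_html(text):
    """HTML body context: entity-encode & < > \" and '."""
    return html.escape(text, quote=True)

def esc_attr(text):
    """Quoted-attribute context: same entities; the caller must always quote the attribute."""
    return html.escape(text, quote=True)

def esc_url(url):
    """URI context: accept absolute http(s) only and percent-encode the rest of the string."""
    if urlsplit(url).scheme.lower() not in ("http", "https"):
        return "#"  # scheme-based payloads (javascript:, data:) collapse to an inert link
    return quote(url, safe=":/?&=#%")

def esc_json_block(value):
    """JSON data block inside <script type="application/json">: escape '<' so '</script>' cannot close it."""
    return json.dumps(value).replace("<", "\\u003c")

def render_annotation(label, link, tooltip):
    """Assemble one dashboard annotation, choosing the encoder per output context.
    The tooltip reaches page scripts through a JSON data block rather than an
    inline <script>, so the markup stays compatible with script-src 'self'."""
    return (
        f'<span class="note" title="{esc_attr(tooltip)}">{esc_html(label)}</span>'
        f'<a href="{esc_attr(esc_url(link))}">source</a>'
        f'<script id="note-data" type="application/json">'
        f'{esc_json_block({"tooltip": tooltip})}</script>'
    )
```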

Timeline

Published: September 18, 2024
Last Modified: June 3, 2026
First Seen: June 12, 2026

Related Vulnerabilities