CVE-2024-6035

Stored XSS in gaizhenbiao/chuanhuchatgpt

CVSS 7.4 HIGHEPSS 0.4%CWE-79

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 7.4EPSS 0.4%KEV nãoPoC —Patch —

Lifecycle

11 Jul 2024Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

A Stored Cross-Site Scripting (XSS) vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410. This vulnerability allows an attacker to inject malicious JavaScript code into the chat history file. When a victim uploads this file, the malicious script is executed in the victim's browser. This can lead to user data theft, session hijacking, malware distribution, and phishing attacks.

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

Affected products

gaizhenbiao · gaizhenbiao/chuanhuchatgpt

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://huntr.com/bounties/e4e8da71-53a9-4540-8d70-6b670b076987