exploitDog

GHSA-rx93-qmpc-rhp9

Опубликовано: 11 июл. 2024

Источник: github

Github: Не прошло ревью

CVSS3: 9.3

Описание

A Stored Cross-Site Scripting (XSS) vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410. This vulnerability allows an attacker to inject malicious JavaScript code into the chat history file. When a victim uploads this file, the malicious script is executed in the victim's browser. This can lead to user data theft, session hijacking, malware distribution, and phishing attacks.

A Stored Cross-Site Scripting (XSS) vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410. This vulnerability allows an attacker to inject malicious JavaScript code into the chat history file. When a victim uploads this file, the malicious script is executed in the victim's browser. This can lead to user data theft, session hijacking, malware distribution, and phishing attacks.

Ссылки

EPSS

Процентиль: 45%

0.00225

Низкий

9.3 Critical

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2024-6035

CVSS3: 6.1

nvd

больше 1 года назад

A Stored Cross-Site Scripting (XSS) vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410. This vulnerability allows an attacker to inject malicious JavaScript code into the chat history file. When a victim uploads this file, the malicious script is executed in the victim's browser. This can lead to user data theft, session hijacking, malware distribution, and phishing attacks.

EPSS

Процентиль: 45%

0.00225

Низкий

9.3 Critical

CVSS3

CVE ID

Дефекты

CWE-79