CVE-2023-7215

Опубликовано: 08 янв. 2024

Источник: nvd

CVSS3: 3.5

CVSS3: 6.1

CVSS2: 4

EPSS Низкий

Описание

A vulnerability, which was classified as problematic, has been found in Chanzhaoyu chatgpt-web 2.11.1. This issue affects some unknown processing. The manipulation of the argument Description with the input leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249779.

Ссылки

https://github.com/Chanzhaoyu/chatgpt-web/issues/2001
Exploit
Issue Tracking
https://vuldb.com/?ctiid.249779
Permissions Required
Third Party Advisory
VDB Entry
https://vuldb.com/?id.249779
Permissions Required
Third Party Advisory
VDB Entry
https://github.com/Chanzhaoyu/chatgpt-web/issues/2001
Exploit
Issue Tracking
https://vuldb.com/?ctiid.249779
Permissions Required
Third Party Advisory
VDB Entry
https://vuldb.com/?id.249779
Permissions Required
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:chanzhaoyu:chatgpt_web:2.11.1:*:*:*:*:*:*:*

EPSS

Процентиль: 50%

0.00265

Низкий

3.5 Low

CVSS3

6.1 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-jw72-xfhc-2vr4

CVSS3: 3.5

github

около 2 лет назад

A vulnerability, which was classified as problematic, has been found in Chanzhaoyu chatgpt-web 2.11.1. This issue affects some unknown processing. The manipulation of the argument Description with the input <image src onerror=prompt(document.domain)> leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249779.

EPSS

Процентиль: 50%

0.00265

Низкий

3.5 Low

CVSS3

6.1 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-79