CVE-2025-0183

Опубликовано: 20 мар. 2025

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

A stored cross-site scripting (XSS) vulnerability exists in the Latex Proof-Reading Module of binary-husky/gpt_academic version 3.9.0. This vulnerability allows an attacker to inject malicious scripts into the debug_log.html file generated by the module. When an admin visits this debug report, the injected scripts can execute, potentially leading to unauthorized actions and data access.

Ссылки

https://huntr.com/bounties/53bced90-64a9-4ca2-8f2f-282c4ce84d1f
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:binary-husky:gpt_academic:3.90:*:*:*:*:*:*:*

EPSS

Процентиль: 18%

0.00059

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-c2xf-763v-3rqh

CVSS3: 5.4

github

11 месяцев назад

A stored cross-site scripting (XSS) vulnerability exists in the Latex Proof-Reading Module of binary-husky/gpt_academic version 3.9.0. This vulnerability allows an attacker to inject malicious scripts into the `debug_log.html` file generated by the module. When an admin visits this debug report, the injected scripts can execute, potentially leading to unauthorized actions and data access.

BDU:2025-05337

CVSS3: 5.4

fstec

больше 1 года назад

Уязвимость модуля Latex Proof-Reading хранилища программных продуктов языка Python PyPi, позволяющая нарушителю провести атаку межсайтового скриптинга (XSS)

EPSS

Процентиль: 18%

0.00059

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79