Vulnerabilities > CVE-2024-6035 - Unspecified vulnerability in Gaizhenbiao Chuanhuchatgpt 20240410

CVSS 6.1 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

gaizhenbiao

NVD

Published: 2024-07-11

Updated: 2024-11-21

Summary

A Stored Cross-Site Scripting (XSS) vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410. This vulnerability allows an attacker to inject malicious JavaScript code into the chat history file. When a victim uploads this file, the malicious script is executed in the victim's browser. This can lead to user data theft, session hijacking, malware distribution, and phishing attacks.

Vulnerable Configurations

Part	Description	Count
Application	Gaizhenbiao Gaizhenbiao Chuanhuchatgpt 20240410	1

References

https://huntr.com/bounties/e4e8da71-53a9-4540-8d70-6b670b076987
https://huntr.com/bounties/e4e8da71-53a9-4540-8d70-6b670b076987