CVE-2024-6035

A Stored Cross-Site Scripting (XSS) vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410. This vulnerability allows an attacker to inject malicious JavaScript code into the chat history file. When a victim uploads this file, the malicious script is executed in the victim's browser. This can lead to user data theft, session hijacking, malware distribution, and phishing attacks.
References
Link Resource
https://huntr.com/bounties/e4e8da71-53a9-4540-8d70-6b670b076987 Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:20240410:*:*:*:*:*:*:*

History

12 Jul 2024, 18:49

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 9.3
v2 : unknown
v3 : 6.1
CPE cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:20240410:*:*:*:*:*:*:*
First Time Gaizhenbiao chuanhuchatgpt
Gaizhenbiao
References () https://huntr.com/bounties/e4e8da71-53a9-4540-8d70-6b670b076987 - () https://huntr.com/bounties/e4e8da71-53a9-4540-8d70-6b670b076987 - Exploit, Third Party Advisory

11 Jul 2024, 13:05

Type Values Removed Values Added
Summary
  • (es) Existe una vulnerabilidad de Cross Site Scripting almacenado (XSS) en gaizhenbiao/chuanhuchatgpt versión 20240410. Esta vulnerabilidad permite a un atacante inyectar código JavaScript malicioso en el archivo del historial de chat. Cuando una víctima carga este archivo, el script malicioso se ejecuta en el navegador de la víctima. Esto puede provocar el robo de datos de los usuarios, el secuestro de sesiones, la distribución de malware y ataques de phishing.

11 Jul 2024, 11:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-07-11 11:15

Updated : 2024-07-15 18:15


NVD link : CVE-2024-6035

Mitre link : CVE-2024-6035

CVE.ORG link : CVE-2024-6035


JSON object : View

Products Affected

gaizhenbiao

  • chuanhuchatgpt
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')