CVE-2024-6035

A Stored Cross-Site Scripting (XSS) vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410. This vulnerability allows an attacker to inject malicious JavaScript code into the chat history file. When a victim uploads this file, the malicious script is executed in the victim's browser. This can lead to user data theft, session hijacking, malware distribution, and phishing attacks.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:20240410:*:*:*:*:*:*:*

History

21 Nov 2024, 09:48

Type Values Removed Values Added
References () https://huntr.com/bounties/e4e8da71-53a9-4540-8d70-6b670b076987 - Exploit, Third Party Advisory () https://huntr.com/bounties/e4e8da71-53a9-4540-8d70-6b670b076987 - Exploit, Third Party Advisory

12 Jul 2024, 18:49

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 9.3
v2 : unknown
v3 : 6.1
References () https://huntr.com/bounties/e4e8da71-53a9-4540-8d70-6b670b076987 - () https://huntr.com/bounties/e4e8da71-53a9-4540-8d70-6b670b076987 - Exploit, Third Party Advisory
CPE cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:20240410:*:*:*:*:*:*:*
First Time Gaizhenbiao chuanhuchatgpt
Gaizhenbiao

11 Jul 2024, 13:05

Type Values Removed Values Added
Summary
  • (es) Existe una vulnerabilidad de Cross Site Scripting almacenado (XSS) en gaizhenbiao/chuanhuchatgpt versión 20240410. Esta vulnerabilidad permite a un atacante inyectar código JavaScript malicioso en el archivo del historial de chat. Cuando una víctima carga este archivo, el script malicioso se ejecuta en el navegador de la víctima. Esto puede provocar el robo de datos de los usuarios, el secuestro de sesiones, la distribución de malware y ataques de phishing.

11 Jul 2024, 11:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-07-11 11:15

Updated : 2024-11-21 09:48


NVD link : CVE-2024-6035

Mitre link : CVE-2024-6035

CVE.ORG link : CVE-2024-6035


JSON object : View

Products Affected

gaizhenbiao

  • chuanhuchatgpt
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')