CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 1CVE-2024-6035 – Stored XSS in gaizhenbiao/chuanhuchatgpt
https://notcve.org/view.php?id=CVE-2024-6035
11 Jul 2024 — A Stored Cross-Site Scripting (XSS) vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410. This vulnerability allows an attacker to inject malicious JavaScript code into the chat history file. When a victim uploads this file, the malicious script is executed in the victim's browser. This can lead to user data theft, session hijacking, malware distribution, and phishing attacks. Existe una vulnerabilidad de Cross Site Scripting almacenado (XSS) en gaizhenbiao/chuanhuchatgpt versión 20240410. • https://huntr.com/bounties/e4e8da71-53a9-4540-8d70-6b670b076987 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-4520 – Improper Access Control in gaizhenbiao/chuanhuchatgpt
https://notcve.org/view.php?id=CVE-2024-4520
04 Jun 2024 — An improper access control vulnerability exists in the gaizhenbiao/chuanhuchatgpt application, specifically in version 20240410. This vulnerability allows any user on the server to access the chat history of any other user without requiring any form of interaction between the users. Exploitation of this vulnerability could lead to data breaches, including the exposure of sensitive personal details, financial data, or confidential conversations. Additionally, it could facilitate identity theft and manipulati... • https://huntr.com/bounties/0dd2da9f-998d-45aa-a646-97391f524000 • CWE-284: Improper Access Control •