CVE-2024-6035
Stored XSS in gaizhenbiao/chuanhuchatgpt
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
A Stored Cross-Site Scripting (XSS) vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410. This vulnerability allows an attacker to inject malicious JavaScript code into the chat history file. When a victim uploads this file, the malicious script is executed in the victim's browser. This can lead to user data theft, session hijacking, malware distribution, and phishing attacks.
Existe una vulnerabilidad de Cross Site Scripting almacenado (XSS) en gaizhenbiao/chuanhuchatgpt versión 20240410. Esta vulnerabilidad permite a un atacante inyectar código JavaScript malicioso en el archivo del historial de chat. Cuando una víctima carga este archivo, el script malicioso se ejecuta en el navegador de la víctima. Esto puede provocar el robo de datos de los usuarios, el secuestro de sesiones, la distribución de malware y ataques de phishing.
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2024-06-15 CVE Reserved
- 2024-07-11 CVE Published
- 2024-07-13 EPSS Updated
- 2024-08-01 CVE Updated
- 2024-08-01 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://huntr.com/bounties/e4e8da71-53a9-4540-8d70-6b670b076987 | 2024-08-01 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Gaizhenbiao Search vendor "Gaizhenbiao" | Chuanhuchatgpt Search vendor "Gaizhenbiao" for product "Chuanhuchatgpt" | 20240410 Search vendor "Gaizhenbiao" for product "Chuanhuchatgpt" and version "20240410" | - |
Affected
| ||||||