ChuanhuChat GPT Project Vulnerable to Stored XSS Attack
CVE-2024-48059

Currently unrated

Key Information:

Vendor: gaizhenbiao
Vendor: CVE Published:; 4 November 2024

🔔 Create gaizhenbiao Vulnerability Alert

What is CVE-2024-48059?

gaizhenbiao/chuanhuchatgpt project, version <=20240802 is vulnerable to stored Cross-Site Scripting (XSS) in WebSocket session transmission. An attacker can inject malicious content into a WebSocket message. When a victim accesses this session, the malicious JavaScript is executed in the victim's browser.

References

https://rumbling-slice-eb0.notion.site/Stored-XSS-via-Cha...

https://gist.github.com/AfterSnows/c5a4cb029fb9142be5c54e...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 4, 2024