ChuanhuChat GPT Project Vulnerable to Stored XSS Attack
CVE-2024-48059

6.1MEDIUM

Key Information:

Vendor: gaizhenbiao
Status: Chuanhuchatgpt
Vendor: CVE Published:; 4 November 2024

🔔 Create gaizhenbiao Vulnerability Alert

What is CVE-2024-48059?

gaizhenbiao/chuanhuchatgpt project, version <=20240802 is vulnerable to stored Cross-Site Scripting (XSS) in WebSocket session transmission. An attacker can inject malicious content into a WebSocket message. When a victim accesses this session, the malicious JavaScript is executed in the victim's browser.

References

https://rumbling-slice-eb0.notion.site/Stored-XSS-via-Cha...

https://gist.github.com/AfterSnows/c5a4cb029fb9142be5c54e...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 4, 2024

CVE-2024-48059 Data

JSON