XSS Vulnerability in imartinez's PrivateGPT Product
CVE-2024-8029
4.7 MEDIUM
Summary
An XSS vulnerability in the file upload process of imartinez's PrivateGPT enables attackers to upload malicious SVG files. When users click on a link to these files, harmful JavaScript can execute, potentially resulting in user data theft, session hijacking, and creating pathways for malware distribution or phishing attacks. It is essential for users of PrivateGPT to secure their systems against this threat by updating or applying available patches.
Affected Version(s)
imartinez/privategpt <= unspecified
CVSS V3.0
Score: 4.7
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved