XSS Vulnerability in imartinez's PrivateGPT Product
CVE-2024-8029

6.1 MEDIUM

Key Information:

Vendor: Imartinez
CVE Published: 20 March 2025

What is CVE-2024-8029?

An XSS vulnerability in the file upload process of imartinez's PrivateGPT enables attackers to upload malicious SVG files. When users click on a link to these files, harmful JavaScript can execute, potentially resulting in user data theft and session hijacking, and creating pathways for malware distribution or phishing attacks. Users of PrivateGPT should secure their systems against this threat by updating or applying available patches.

Affected Version(s)

imartinez/privategpt <= unspecified

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

CVSS V3.0

Score: 4.7
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
