Stored Cross-Site Scripting Vulnerability in ChuanhuChatGPT by Gaizhenbiao
CVE-2024-8400

5.4MEDIUM

Key Information:

Vendor

Gaizhenbiao

Status
Gaizhenbiao/chuanhuchatgpt
Vendor
CVE Published:
20 March 2025
đź”” Create Gaizhenbiao Vulnerability Alert

What is CVE-2024-8400?

A stored cross-site scripting vulnerability has been identified in the ChuanhuChatGPT application, allowing attackers to upload malicious HTML files. When these files are accessed by users, the embedded JavaScript code executes in their browsers, potentially compromising user data and web application integrity. Prompt action is necessary to mitigate the risks associated with this vulnerability.

Affected Version(s)

gaizhenbiao/chuanhuchatgpt < 20240410

References

https://huntr.com/bounties/405f16b8-848e-427d-a61a-ea7d3f...
https://github.com/gaizhenbiao/chuanhuchatgpt/commit/2cca...

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

CVSS V3.0

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.