Stored Cross-Site Scripting Vulnerability in Gaizhenbiao ChatGPT Repository
CVE-2024-9107

6.8MEDIUM

Key Information:

Vendor: Gaizhenbiao
Status: Gaizhenbiao/chuanhuchatgpt
Vendor: CVE Published:; 20 March 2025

🔔 Create Gaizhenbiao Vulnerability Alert

What is CVE-2024-9107?

A stored cross-site scripting vulnerability exists in the Gaizhenbiao ChatGPT repository due to improper sanitization of HTML tags during chat history uploads. This flaw results from the sanitization mechanism's failure to correctly handle HTML tags within code blocks, allowing an attacker to inject malicious scripts. Exploitation of this vulnerability would enable the execution of arbitrary JavaScript code in the user's browser, posing significant risks such as identity theft and other malicious activities.

Affected Version(s)

gaizhenbiao/chuanhuchatgpt <= unspecified

References

https://huntr.com/bounties/a2972c51-4780-4f60-afbf-a7a8ee...

CVSS V3.0

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 20, 2025
Vulnerability Reserved
Sep 23, 2024