Stored Cross-Site Scripting Vulnerability in Gaizhenbiao ChatGPT Repository
CVE-2024-9107

5.4MEDIUM

Key Information:

Vendor

Gaizhenbiao

Status
Gaizhenbiao/chuanhuchatgpt
Vendor
CVE Published:
20 March 2025

What is CVE-2024-9107?

A stored cross-site scripting vulnerability exists in the Gaizhenbiao ChatGPT repository due to improper sanitization of HTML tags during chat history uploads. This flaw results from the sanitization mechanism's failure to correctly handle HTML tags within code blocks, allowing an attacker to inject malicious scripts. Exploitation of this vulnerability would enable the execution of arbitrary JavaScript code in the user's browser, posing significant risks such as identity theft and other malicious activities.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

gaizhenbiao/chuanhuchatgpt <= unspecified

References

https://huntr.com/bounties/a2972c51-4780-4f60-afbf-a7a8ee...

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

CVSS V3.0

Score:
6.8
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.