CVE-2024-10819 HIGH

CVE-2024-10819: CSRF to XSS in binary-husky/gpt_academic

Vendor: Binary-Husky
Product: binary-husky/gpt_academic
Weakness: CWE-352 (CSRF)
Published: March 20, 2025
Last update: October 15, 2025

CVSS base score

7.1/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: Required
Confidentiality: High
Integrity: Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N

What the vulnerability does

01 Description

A Cross-Site Request Forgery (CSRF) vulnerability in version 3.83 of binary-husky/gpt_academic allows an attacker to trick a user into uploading files without their consent, exploiting their session. This can lead to unauthorized file uploads and potential system compromise. The uploaded file can contain malicious scripts, leading to stored Cross-Site Scripting (XSS) attacks. Through stored XSS, an attacker can steal information about the victim and perform any action on their behalf.

Key dates

02 Disclosure timeline

March 20, 2025: CVE published
October 15, 2025: Record updated