CVE-2024-3402 MEDIUM

CVE-2024-3402: Stored XSS vulnerability in gaizhenbiao/chuanhuchatgpt

Vendor Gaizhenbiao
Product gaizhenbiao/chuanhuchatgpt
Weakness CWE-79 · XSS
Published June 6, 2024
Last update August 1, 2024
View on NVD All CVEs

CVSS base score

6.8/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality High
Integrity None

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

What the vulnerability does

01Description

A stored Cross-Site Scripting (XSS) vulnerability existed in version (20240121) of gaizhenbiao/chuanhuchatgpt due to inadequate sanitization and validation of model output data. Despite user-input validation efforts, the application fails to properly sanitize or validate the output from the model, allowing for the injection and execution of malicious JavaScript code within the context of a user's browser. This vulnerability can lead to the execution of arbitrary JavaScript code in the context of other users' browsers, potentially resulting in the hijacking of victims' browsers.

Key dates

02Disclosure timeline

June 6, 2024 CVE published
August 1, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-12878 FunnelKit – Funnel Builder for WooCommerce Checkout <= 3.13.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via wfop_phone Shortcode CVE-2011-10038 Nagios XI < 2011R1.9 XSS via Recurring Downtime Script CVE-2023-4981 Cross-site Scripting (XSS) - DOM in librenms/librenms CVE-2025-47030 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) CVE-2021-24294 DSGVO All in one for WP < 4.0 - Unauthenticated Stored Cross-Site Scripting (XSS)