CVE-2024-8029 MEDIUM

CVE-2024-8029: Stored XSS in imartinez/privategpt

Vendor Imartinez

Product imartinez/privategpt

Weakness CWE-79 · XSS

Published March 20, 2025

Last update March 20, 2025

View on NVD All CVEs

CVSS base score

4.7/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality Low

Integrity None

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N

What the vulnerability does

01Description

An XSS vulnerability was discovered in the upload file(s) process of imartinez/privategpt v0.5.0. Attackers can upload malicious SVG files, which execute JavaScript when victims click on the file link. This can lead to user data theft, session hijacking, malware distribution, and phishing attacks.

Key dates

02Disclosure timeline

March 20, 2025 CVE published

March 20, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-8029

Related vulnerabilities

04Related CVE

CVE-2019-25280 Yahei-PHP Prober 0.4.7 Remote HTML Injection via Speed Parameter CVE-2023-28774 WordPress Review Stream Plugin <= 1.6.5 is vulnerable to Cross Site Scripting (XSS) CVE-2025-13244 code-projects Student Information System register.php cross site scripting CVE-2023-20149 Cisco Small Business RV016, RV042, RV042G, RV082 , RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities CVE-2021-24426 Backup by 10Web <= 1.0.20 - Reflected Cross-Site Scripting (XSS)

Identifiers

CVE CVE-2024-8029

CWE CWE-79

CVSS 4.7 / MEDIUM

Affected versions

Vendor Imartinez

Product imartinez/privategpt

Affected ≥ unspecified and ≤ latest