CVE-2024-8400 MEDIUM

CVE-2024-8400: Stored XSS in gaizhenbiao/chuanhuchatgpt

Vendor Gaizhenbiao

Product gaizhenbiao/chuanhuchatgpt

Weakness CWE-79 · XSS

Published March 20, 2025

Last update March 20, 2025

View on NVD All CVEs

CVSS base score

5.4/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

A stored cross-site scripting (XSS) vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability allows an attacker to upload a malicious HTML file containing JavaScript code, which is then executed when the file is accessed. This can lead to the execution of arbitrary JavaScript in the context of the user's browser.

Key dates

02Disclosure timeline

March 20, 2025 CVE published

March 20, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-8400

Related vulnerabilities

Identifiers

CVE CVE-2024-8400

CWE CWE-79

CVSS 5.4 / MEDIUM

Affected versions