A stored cross-site scripting (XSS) vulnerability exists in binary-husky/gpt_academic version 3.83. The vulnerability occurs at the /file endpoint, which renders HTML files. Malicious HTML files containing XSS payloads can be uploaded and stored in the backend, leading to the execution of the payload in the victim's browser when the file is accessed. This can result in the theft of session cookies or other sensitive information.
History

Thu, 17 Oct 2024 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Binary-husky
Binary-husky gpt Academic
CPEs cpe:2.3:a:binary-husky:gpt_academic:*:*:*:*:*:*:*:*
Vendors & Products Binary-husky
Binary-husky gpt Academic
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 17 Oct 2024 18:30:00 +0000

Type Values Removed Values Added
Description A stored cross-site scripting (XSS) vulnerability exists in binary-husky/gpt_academic version 3.83. The vulnerability occurs at the /file endpoint, which renders HTML files. Malicious HTML files containing XSS payloads can be uploaded and stored in the backend, leading to the execution of the payload in the victim's browser when the file is accessed. This can result in the theft of session cookies or other sensitive information.
Title Stored XSS in binary-husky/gpt_academic
Weaknesses CWE-79
References
Metrics cvssV3_0

{'score': 8.2, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: @huntr_ai

Published: 2024-10-17T18:12:21.623Z

Updated: 2024-10-17T19:24:26.011Z

Reserved: 2024-10-17T17:38:16.094Z

Link: CVE-2024-10101

cve-icon Vulnrichment

Updated: 2024-10-17T19:24:16.844Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-10-17T19:15:21.713

Modified: 2024-10-18T12:52:33.507

Link: CVE-2024-10101

cve-icon Redhat

No data.