A stored cross-site scripting (XSS) vulnerability exists in binary-husky/gpt_academic version 3.83. The vulnerability occurs at the /file endpoint, which renders HTML files. Malicious HTML files containing XSS payloads can be uploaded and stored in the backend, leading to the execution of the payload in the victim's browser when the file is accessed. This can result in the theft of session cookies or other sensitive information.
History
Thu, 17 Oct 2024 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Binary-husky, Binary-husky gpt Academic | |
CPEs | cpe:2.3:a:binary-husky:gpt_academic:*:*:*:*:*:*:*:* | |
Vendors & Products | Binary-husky, Binary-husky gpt Academic | |
Metrics | ssvc | |
Thu, 17 Oct 2024 18:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A stored cross-site scripting (XSS) vulnerability exists in binary-husky/gpt_academic version 3.83. The vulnerability occurs at the /file endpoint, which renders HTML files. Malicious HTML files containing XSS payloads can be uploaded and stored in the backend, leading to the execution of the payload in the victim's browser when the file is accessed. This can result in the theft of session cookies or other sensitive information. | |
Title | Stored XSS in binary-husky/gpt_academic | |
Weaknesses | CWE-79 | |
References | | |
Metrics | cvssV3_0 | |
MITRE
Status: PUBLISHED
Assigner: @huntr_ai
Published: 2024-10-17T18:12:21.623Z
Updated: 2024-10-17T19:24:26.011Z
Reserved: 2024-10-17T17:38:16.094Z
Link: CVE-2024-10101
Vulnrichment
Updated: 2024-10-17T19:24:16.844Z
NVD
Status: Awaiting Analysis
Published: 2024-10-17T19:15:21.713
Modified: 2024-10-18T12:52:33.507
Link: CVE-2024-10101
Redhat
No data.