Security Advisory

CVE-2024-6035

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-07-11 10:41:27

Last updated 2024-08-01 21:25:03

Assigner @huntr_ai

State PUBLISHED

Description

A Stored Cross-Site Scripting (XSS) vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410. This vulnerability allows an attacker to inject malicious JavaScript code into the chat history file. When a victim uploads this file, the malicious script is executed in the victims browser. This can lead to user data theft, session hijacking, malware distribution, and phishing attacks.

← Browse all CVEs View on cve.org ↗