Description

A stored Cross-Site Scripting (XSS) vulnerability existed in version (20240121) of gaizhenbiao/chuanhuchatgpt due to inadequate sanitization and validation of model output data. Despite user-input validation efforts, the application fails to properly sanitize or validate the output from the model, allowing for the injection and execution of malicious JavaScript code within the context of a user's browser. This vulnerability can lead to the execution of arbitrary JavaScript code in the context of other users' browsers, potentially resulting in the hijacking of victims' browsers.

INFO

Published Date :

2024-06-06T18:24:03.274Z

Last Modified :

2024-08-01T20:12:06.645Z

Source :

@huntr_ai
AFFECTED PRODUCTS

The following products are affected by CVE-2024-3402 vulnerability.

Vendors Products
Gaizhenbiao
  • Chuanhuchatgpt
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-3402.

URL Resource
https://huntr.com/bounties/389570c4-0bf2-4bc3-84f5-2e7afdba8ed1 cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact