CVE-2024-6035

HIGH Year: 2024
CVSS v3 Score
7.4
High
Weakness Type
CWE-79
View all →

Vulnerability Description

A Stored Cross-Site Scripting (XSS) vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410. This vulnerability allows an attacker to inject malicious JavaScript code into the chat history file. When a victim uploads this file, the malicious script is executed in the victim's browser. This can lead to user data theft, session hijacking, malware distribution, and phishing attacks.

Related Vulnerabilities

CVE-2016-2512

HIGH
CVSS:7.4(High)

The utils.http.is_safe_url function in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or possibly conduct cro...

CWE-792016

CVE-2019-0130

HIGH
CVSS:7.4(High)

Reflected XSS in web interface for Intel(R) Accelerated Storage Manager in Intel(R) RSTe before version 5.5.0.2015 may allow an unauthenticated user to potentially enable denial of service via network...

CWE-792019

CVE-2019-20514

HIGH
CVSS:7.4(High)

ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the address/ URI.

CWE-792019

CVE-2019-20515

HIGH
CVSS:7.4(High)

ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the addresses/ URI.

CWE-792019

CVE-2019-20516

HIGH
CVSS:7.4(High)

ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the blog/ URI.

CWE-792019

CVE-2019-20517

HIGH
CVSS:7.4(High)

ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the contact/ URI.

CWE-792019