Unrated severityNVD Advisory· Published Mar 20, 2025· Updated Oct 15, 2025
CSRF to XSS in binary-husky/gpt_academic
CVE-2024-10819
Description
A Cross-Site Request Forgery (CSRF) vulnerability in version 3.83 of binary-husky/gpt_academic allows an attacker to trick a user into uploading files without their consent, exploiting their session. This can lead to unauthorized file uploads and potential system compromise. The uploaded file can contain malicious scripts, leading to stored Cross-Site Scripting (XSS) attacks. Through stored XSS, an attacker can steal information about the victim and perform any action on their behalf.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: = 3.83
- binary-husky/binary-husky/gpt_academicv5Range: unspecified
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.