Medium severity6.5NVD Advisory· Published May 14, 2024· Updated Apr 15, 2026

CVE-2024-34699

Description

GZ::CTF is a capture the flag platform. Prior to 0.20.1, unprivileged user can perform cross-site scripting attacks on other users by constructing malicious team names. This problem has been fixed in v0.20.1.

Patches

31e775b65cdd

https://github.com/gztimewalker/gzctfvia osv

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/GZTimeWalker/GZCTF/commit/31e775b65cddf82a567d68dcdc78c1739b746346nvd
github.com/GZTimeWalker/GZCTF/security/advisories/GHSA-p6rq-5x3x-rmhhnvd

News mentions

No linked articles in our index yet.

cvss	0.423
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000