Unrated severityNVD Advisory· Published Mar 20, 2025· Updated Mar 20, 2025

Stored XSS in gaizhenbiao/chuanhuchatgpt

CVE-2024-8400

Description

A stored cross-site scripting (XSS) vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability allows an attacker to upload a malicious HTML file containing JavaScript code, which is then executed when the file is accessed. This can lead to the execution of arbitrary JavaScript in the context of the user's browser.

Affected products

Gaizhenbiao/Chuanhuchatgptllm-fuzzy
Range: latest
gaizhenbiao/gaizhenbiao/chuanhuchatgptv5
Range: unspecified

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/gaizhenbiao/chuanhuchatgpt/commit/2cca68e34f029babbe4eaa5a77d220dad68fdd49mitre
huntr.com/bounties/405f16b8-848e-427d-a61a-ea7d3fd6f0e3mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000