CVE-2024-8400

A stored cross-site scripting (XSS) vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability allows an attacker to upload a malicious HTML file containing JavaScript code, which is then executed when the file is accessed. This can lead to the execution of arbitrary JavaScript in the context of the user's browser.

CVSS v3.0 5.4 MEDIUM

5.4^/10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.3 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://github.com/gaizhenbiao/chuanhuchatgpt/commit/2cca68e34f029babbe4eaa5a77d220dad68fdd49	Patch
https://huntr.com/bounties/405f16b8-848e-427d-a61a-ea7d3fd6f0e3	Exploit
https://huntr.com/bounties/405f16b8-848e-427d-a61a-ea7d3fd6f0e3	Exploit

Configurations

Configuration 1 (hide)

cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:*:*:*:*:*:*:*:*

History

01 Apr 2025, 20:32

Type	Values Removed	Values Added
CPE		cpe:2.3:a:gaizhenbiao:chuanhuchatgpt::::::::
First Time		Gaizhenbiao Gaizhenbiao chuanhuchatgpt
References	~~() https://huntr.com/bounties/405f16b8-848e-427d-a61a-ea7d3fd6f0e3 -~~	() https://huntr.com/bounties/405f16b8-848e-427d-a61a-ea7d3fd6f0e3 - Exploit
References	~~() https://github.com/gaizhenbiao/chuanhuchatgpt/commit/2cca68e34f029babbe4eaa5a77d220dad68fdd49 -~~	() https://github.com/gaizhenbiao/chuanhuchatgpt/commit/2cca68e34f029babbe4eaa5a77d220dad68fdd49 - Patch
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.4

20 Mar 2025, 16:15

Type	Values Removed	Values Added
CWE	~~CWE-79~~

20 Mar 2025, 10:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-20 10:15

Updated : 2025-04-01 20:32

NVD link : CVE-2024-8400

Mitre link : CVE-2024-8400

JSON object : View

Products Affected

gaizhenbiao

chuanhuchatgpt

CWE

No CWE.

5.4 /10