| |
Vulnerability CVE-2024-6035
Published: 2024-07-11
| Description: |
A Stored Cross-Site Scripting (XSS) vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410. This vulnerability allows an attacker to inject malicious JavaScript code into the chat history file. When a victim uploads this file, the malicious script is executed in the victim's browser. This can lead to user data theft, session hijacking, malware distribution, and phishing attacks. |
Type:
CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))
References: |
https://huntr.com/bounties/e4e8da71-53a9-4540-8d70-6b670b076987
|
|
|
closedb();
?>
Copyright 2026, cxsecurity.com
|
|
|