Stored XSS via File Upload
A stored cross-site scripting (XSS) vulnerability was discovered in the file upload function of the latest version of the software. This issue was patched in version 20240410.
Remediation Steps
- Validate file extensions before allowing uploads.
- Implement content security policies to prevent execution of untrusted scripts.
- Sanitize user inputs to ensure no executable code is uploaded.
- Regularly update and patch the software to include the latest security fixes.
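
As an added example (not the project's patch and not code from the linked commit), one way to apply the first three steps in a Python upload handler. The allow-list, the function names and the header set are assumptions chosen for illustration.

```python
import os
import secrets

# Assumption: illustrative allow-list; the advisory does not list the accepted types.
ALLOWED_EXTENSIONS = {".txt", ".pdf", ".png", ".jpg", ".csv"}
# Types a browser can render as active content when served inline.
ACTIVE_EXTENSIONS = {".html", ".htm", ".xhtml", ".svg", ".xml", ".js", ".mjs", ".shtml"}


class UploadRejected(ValueError):
    """Raised when an uploaded file name fails validation."""


def validate_upload_name(filename: str) -> str:
    """Return a server-generated storage name, or raise UploadRejected."""
    # Drop any client-supplied directory part, whichever separator was used.
    base = os.path.basename(filename.replace("\\", "/")).strip()
    if not base or base.startswith(".") or "\x00" in base:
        raise UploadRejected("empty, hidden or malformed name")
    # Inspect every dot-separated suffix, so "img.html.png" and "x.html."
    # are rejected as well as a plain "x.html".
    suffixes = ["." + part.strip() for part in base.lower().split(".")[1:]]
    if not suffixes:
        raise UploadRejected("no extension")
    if any(s in ACTIVE_EXTENSIONS for s in suffixes):
        raise UploadRejected("active content type")
    if suffixes[-1] not in ALLOWED_EXTENSIONS:
        raise UploadRejected("extension not allow-listed")
    # Never reuse the client's name on disk or in URLs.
    return secrets.token_hex(16) + suffixes[-1]


def download_headers(stored_name: str) -> dict:
    """Headers that stop a served upload from running in the app's origin."""
    return {
        # Generic type plus nosniff: the browser will not guess HTML or SVG.
        "Content-Type": "application/octet-stream",
        "X-Content-Type-Options": "nosniff",
        # stored_name is server-generated, so it is safe to interpolate.
        "Content-Disposition": f'attachment; filename="{stored_name}"',
        # Defence in depth if the file is ever rendered inline.
        "Content-Security-Policy": "default-src 'none'; sandbox",
    }


if __name__ == "__main__":
    name = validate_upload_name("notes.txt")
    print(name, download_headers(name))
```

Extension checks alone do not cover content that is mislabelled, which is why the response headers are set on every served upload regardless of type.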
Patch Details
- Fixed Version: 20240410
- Patch Commit: https://github.com/GaiZhenbiao/ChuanhuChatGPT/commit/2cca68e34f029babbe4eaa5a77d220dad68fdd49