Severity: Medium

chuanhuchatgpt

XSS Vulnerability via Insecure Model Output Handling

A Cross-Site Scripting (XSS) vulnerability exists in the latest version (20240121) of gaizhenbiao/chuanhuchatgpt due to inadequate sanitization/validation of model output data. This allows for the execution of malicious JavaScript code within the browser context of users. The issue remains unpatched.

Available publicly on Apr 19 2024

Score: 6.8

Remediation Steps
  • Update the application to sanitize and validate model output data to prevent the injection of malicious code.
  • Implement content security policies (CSP) to mitigate the impact of any potential XSS vulnerabilities.
  • Regularly audit and test the application for security vulnerabilities, including XSS, and apply patches or updates as necessary.
  • Educate users about the risks of uploading or interacting with untrusted files and content.
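
The first two remediation steps, as an added example written for this page (not chuanhuchatgpt's own code): model output is HTML-escaped before any limited markdown is applied, so the only tags reaching the browser are the ones the renderer itself emits, and a nonce-based Content Security Policy is built so inline script in a response cannot run even if an escaping step is missed. The chat-bubble markup, the markdown subset and the Express-style middleware are assumptions about a typical chat UI.

```javascript
// Escape the characters that let text break out of an HTML text node or attribute.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Render untrusted model output. Escaping happens FIRST; the markdown subset below is
// then applied to the already-escaped text, so <code> and <strong> are the only tags
// that can appear in the result. Any markup the model produced is displayed literally.
function renderModelOutput(modelOutput) {
  let html = escapeHtml(modelOutput);
  html = html.replace(/`([^`\n]+)`/g, '<code>$1</code>');          // inline code spans
  html = html.replace(/\*\*([^*\n]+)\*\*/g, '<strong>$1</strong>'); // bold
  return html;
}

// One chat bubble (hypothetical markup). The role is mapped to a fixed class name
// rather than interpolated, so it cannot carry attacker-controlled text either.
function renderMessage(role, modelOutput) {
  const cls = role === 'assistant' ? 'assistant' : 'user';
  return `<div class="msg ${cls}">${renderModelOutput(modelOutput)}</div>`;
}

// CSP value for the chat page: only same-origin scripts and <script> tags carrying the
// per-response nonce may execute, so inline script in model output is blocked by the browser.
function cspHeader(nonce) {
  return [
    "default-src 'self'",
    `script-src 'self' 'nonce-${nonce}'`,
    "object-src 'none'",
    "base-uri 'none'",
  ].join('; ');
}

// Express-style middleware (assumed framework): attach the policy to every response.
// The caller is expected to generate a fresh random nonce per response.
function cspMiddleware(makeNonce) {
  return (req, res, next) => {
    const nonce = makeNonce();
    res.locals = Object.assign(res.locals || {}, { cspNonce: nonce });
    res.setHeader('Content-Security-Policy', cspHeader(nonce));
    next();
  };
}

// Constructed sample of untrusted model output for the checks below.
const SAMPLE_OUTPUT = 'Use `<b>` **carefully** <script>alert(1)</script>';
```
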
Patch Details
  • Fixed Version: N/A
  • Patch Commit: N/A