Stored XSS via File Upload
A stored XSS vulnerability was discovered in version 3.83 of the software: the upload feature accepts malicious HTML files, and when a victim later opens such a file from the application it is rendered in the application's origin, so any script it contains executes in the victim's browser. This issue has not yet been patched.
Available publicly on Dec 30 2024
Remediation Steps
- Sanitize and validate all file uploads (allowlist of extensions, check that the bytes match the declared type, reject content containing active markup) so that they cannot carry executable scripts.
- Implement Content Security Policy (CSP) headers to mitigate the impact of XSS attacks.
- Encode or escape HTML content before rendering it in the browser.
- Regularly update and patch the software to incorporate security fixes.
- Educate users about the risks of clicking on unknown or suspicious links.
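The following is an added example, not code from the advisory or from the affected product, showing how the first three remediation steps fit together on the server side: an upload validator that enforces an extension allowlist, checks magic bytes against the declared type, and rejects anything that looks like active HTML (including a "GIF89a" polyglot that is really a page), plus a header set for serving stored uploads so that even a file that slips through is downloaded rather than rendered. It uses only the Python standard library; the function names, the allowlist, and the sample inputs are assumptions for illustration.

```python
"""Defensive handling of user-uploaded files (illustrative, stdlib only)."""
import os
import re

# Assumed allowlist for this example; adjust to what the application needs.
ALLOWED_EXTENSIONS = {".png", ".jpg", ".jpeg", ".gif", ".pdf", ".txt"}

# Leading byte signatures for the binary formats in the allowlist.
MAGIC = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".pdf": (b"%PDF-",),
}

# Markup a browser could execute if it ever rendered the file as HTML.
# A false positive only means a harmless file is refused, which is the safe failure.
ACTIVE_MARKUP = re.compile(
    rb"<\s*(script|iframe|object|embed|svg|html|body|meta|link)\b"
    rb"|\bon\w+\s*=|javascript:",
    re.IGNORECASE,
)

# Types that must never be sent back from the upload store with a renderable type.
RENDERABLE_TYPES = {
    "text/html", "application/xhtml+xml", "image/svg+xml",
    "text/xml", "application/xml",
}


def validate_upload(filename: str, data: bytes):
    """Return (ok, reason).

    Rejects unknown extensions, files whose bytes do not match the declared
    type, and any file (text or binary) that contains active markup.
    """
    ext = os.path.splitext(filename)[1].lower()
    if ext not in ALLOWED_EXTENSIONS:
        return False, f"extension {ext or '(none)'} not allowed"
    signatures = MAGIC.get(ext)
    if signatures and not any(data.startswith(s) for s in signatures):
        return False, "content does not match declared type"
    # Scan the whole body: a valid GIF header followed by HTML is still HTML
    # to a browser that decides to sniff the content.
    if ACTIVE_MARKUP.search(data):
        return False, "active markup detected"
    return True, "ok"


def safe_filename(filename: str) -> str:
    """Strip directories and quote/CR/LF characters before echoing a name in a header."""
    base = os.path.basename(filename.replace("\\", "/"))
    return re.sub(r"[^A-Za-z0-9._-]", "_", base) or "download"


def download_headers(filename: str, content_type: str) -> dict:
    """Response headers for serving a stored upload.

    Forces a download, forbids MIME sniffing, downgrades renderable types to
    an opaque octet stream, and applies a CSP sandbox so that even a file that
    is somehow displayed cannot run script in the application's origin.
    """
    if content_type.split(";")[0].strip().lower() in RENDERABLE_TYPES:
        content_type = "application/octet-stream"
    return {
        "Content-Type": content_type,
        "Content-Disposition": f'attachment; filename="{safe_filename(filename)}"',
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "sandbox; default-src 'none'",
        "Cache-Control": "no-store",
    }


if __name__ == "__main__":
    # Constructed sample uploads: a real-looking PNG, a plain HTML page, and a
    # GIF/HTML polyglot.
    samples = {
        "avatar.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
        "page.html": b"<html><script>alert(1)</script></html>",
        "pic.gif": b"GIF89a<script>alert(1)</script>",
    }
    for name, body in samples.items():
        print(name, validate_upload(name, body))
    print(download_headers('../evil".html', "text/html"))
```

The validator is the first line of defence; the serving headers are the second, and they matter even for files the validator accepted, because image and PDF formats can be crafted to double as HTML and the browser, not the validator, decides what to render.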
Patch Details
- Fixed Version: N/A
- Patch Commit: N/A