CVE-2024-10101 Vulnerability Details


CVE-2024-10101 Metadata Quick Info

CVE Published: 17/10/2024 | CVE Updated: 04/11/2024 | CVE Year: 2024
Source: @huntr_ai | Vendor: binary-husky | Product: binary-husky/gpt_academic
Status: PUBLISHED

CVE-2024-10101 Description

A stored cross-site scripting (XSS) vulnerability exists in binary-husky/gpt_academic version 3.83. The vulnerability occurs at the /file endpoint, which renders HTML files. Malicious HTML files containing XSS payloads can be uploaded and stored in the backend, leading to the execution of the payload in the victim's browser when the file is accessed. This can result in the theft of session cookies or other sensitive information.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-79
CWE Name: CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)
Source: binary-husky

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).