PT-2024-15235 · Unknown · Chanzhaoyu Chatgpt-Web

Mido0X0X · Published 2024-01-07 · Updated 2024-05-17 · CVE-2023-7215

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Chanzhaoyu chatgpt-web version 2.11.1

Description

A cross-site scripting issue has been found in the software. The affected functionality is not known. Manipulating the argument Description with the input <image src onerror=prompt(document.domain)> leads to cross-site scripting. The attack may be initiated remotely.

Recommendations

For Chanzhaoyu chatgpt-web version 2.11.1, consider disabling the Description argument to prevent cross-site scripting attacks until a patch is available. Restrict access to the affected functionality to minimize the risk of exploitation. Avoid using the Description argument with untrusted input in the affected API endpoint until the issue is resolved.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2023-7215

Affected Products

Chanzhaoyu Chatgpt-Web