PT-2024-16028 · Unknown · Binary-Husky/Gpt Academic

Published: 2024-10-17 · Updated: 2025-07-11 · CVE-2024-10101

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

binary-husky/gpt academic version 3.83

Description

A stored cross-site scripting (XSS) vulnerability exists in the software. The vulnerability occurs at the "/file" endpoint, which renders HTML files. Malicious HTML files containing XSS payloads can be uploaded and stored in the backend, leading to the execution of the payload in the victim's browser when the file is accessed. This can result in the theft of session cookies or other sensitive information.

Recommendations

For binary-husky/gpt academic version 3.83, consider disabling the "/file" endpoint until a patch is available to prevent the upload and storage of malicious HTML files. Restrict access to the endpoint to minimize the risk of exploitation. Avoid using the endpoint to render HTML files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
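
One way to apply the recommendation not to render uploaded HTML, as an added example rather than code from gpt academic or this advisory: a standard-library helper that picks response headers for a file-serving route, so that only allowlisted passive types display inline and everything else is downloaded. The function name, the allowlist and the sample filenames are assumptions constructed for illustration.

```python
import re
from pathlib import PurePosixPath

# Assumed allowlist: passive formats a browser displays without running script.
INLINE_TYPES = {
    ".png": "image/png",
    ".jpg": "image/jpeg",
    ".jpeg": "image/jpeg",
    ".gif": "image/gif",
    ".txt": "text/plain; charset=utf-8",
}


def headers_for_upload(filename: str) -> dict:
    """Headers for a user-uploaded file; hypothetical helper, not project code."""
    # Keep only the final path component and normalise the extension.
    name = PurePosixPath(filename.replace("\\", "/")).name or "download"
    ext = PurePosixPath(name).suffix.lower()
    headers = {
        # Stop the browser from sniffing HTML out of a mislabelled body.
        "X-Content-Type-Options": "nosniff",
        # If a document is rendered anyway, it gets no scripts and a unique origin.
        "Content-Security-Policy": "sandbox; default-src 'none'",
    }
    if ext in INLINE_TYPES:
        headers["Content-Type"] = INLINE_TYPES[ext]
        headers["Content-Disposition"] = "inline"
    else:
        # .html, .svg, .xml, unknown or missing extensions: download, never render.
        safe = re.sub(r"[^A-Za-z0-9._-]", "_", name)
        headers["Content-Type"] = "application/octet-stream"
        headers["Content-Disposition"] = f'attachment; filename="{safe}"'
    return headers


if __name__ == "__main__":
    # Constructed sample filenames.
    for sample in ("plot.png", "report.HTML", "notes.png.html", "../x/a.svg"):
        print(sample, "->", headers_for_upload(sample))
```

The decision is an allowlist on the final extension, so double extensions such as notes.png.html and files with no extension fall through to the download branch.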

Exploit

XSS

Weakness Enumeration

Related Identifiers

CVE-2024-10101

Affected Products

Binary-Husky/Gpt Academic