CVE-2024-3402

Name of the Vulnerable Software and Affected Versions gaizhenbiao/chuanhuchatgpt version 20240121

Description A stored Cross-Site Scripting (XSS) issue exists due to inadequate sanitization and validation of model output data. Despite user-input validation efforts, the application fails to properly sanitize or validate the output from the model, allowing for the injection and execution of malicious JavaScript code within the context of a user's browser. This can lead to the execution of arbitrary JavaScript code in the context of other users' browsers, potentially resulting in the hijacking of victims' browsers.

Recommendations For version 20240121, as a temporary workaround, consider implementing proper sanitization and validation of model output data to prevent the injection of malicious JavaScript code. Restrict the execution of JavaScript code within the context of a user's browser to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.