CVE-2024-3851

Name of the Vulnerable Software and Affected Versions imartinez/privategpt (affected versions not specified)

Description A stored Cross-Site Scripting (XSS) issue exists due to improper validation of file uploads. Attackers can exploit this by uploading malicious HTML files containing JavaScript payloads. When accessed, these files are executed in the context of the victim's session, potentially leading to the execution of arbitrary JavaScript code in the user's browser session. This could result in phishing attacks or other malicious actions.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.