PT-2024-38757 · Imartinez+2 · Imartinez/Privategpt+1
Published 2024-12-16 · Updated 2025-07-17 · CVE-2024-8029
CVSS v3.1: 6.1 Medium
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
imartinez/privategpt version 0.5.0
Description
An XSS vulnerability exists in the file upload process. Attackers can upload malicious SVG files that execute JavaScript when victims click on the file link. This can lead to user data theft, session hijacking, malware distribution, and phishing attacks.
Recommendations
For imartinez/privategpt version 0.5.0, avoid uploading SVG files from untrusted sources.
XSS
Affected Products
Imartinez/Privategpt
Privategpt