CVE-2025-0183

Name of the Vulnerable Software and Affected Versions binary-husky/gpt academic version 3.9.0

Description A stored cross-site scripting (XSS) issue exists in the Latex Proof-Reading Module, allowing an attacker to inject malicious scripts into the debug log.html file. When an admin visits this debug report, the injected scripts can execute, potentially leading to unauthorized actions and data access.

Recommendations For binary-husky/gpt academic version 3.9.0, consider disabling the Latex Proof-Reading Module until a patch is available to prevent potential exploitation. Restrict access to the debug log.html file to minimize the risk of unauthorized script execution.