CVE-2024-48059

gaizhenbiao/chuanhuchatgpt project, version <=20240802 is vulnerable to stored Cross-Site Scripting (XSS) in WebSocket session transmission. An attacker can inject malicious content into a WebSocket message. When a victim accesses this session, the malicious JavaScript is executed in the victim's browser.

CVSS v3 6.1 MEDIUM

6.1^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://gist.github.com/AfterSnows/c5a4cb029fb9142be5c54e531a9a240e	Third Party Advisory
https://rumbling-slice-eb0.notion.site/Stored-XSS-via-Chat-message-in-gaizhenbiao-chuanhuchatgpt-104e3cda9e8c80b4b611dfc491c488d8?pvs=4	Exploit

Configurations

Configuration 1 (hide)

cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:*:*:*:*:*:*:*:*

History

11 Jul 2025, 13:58

Type	Values Removed	Values Added
First Time		Gaizhenbiao Gaizhenbiao chuanhuchatgpt
References	~~() https://gist.github.com/AfterSnows/c5a4cb029fb9142be5c54e531a9a240e -~~	() https://gist.github.com/AfterSnows/c5a4cb029fb9142be5c54e531a9a240e - Third Party Advisory
References	~~() https://rumbling-slice-eb0.notion.site/Stored-XSS-via-Chat-message-in-gaizhenbiao-chuanhuchatgpt-104e3cda9e8c80b4b611dfc491c488d8?pvs=4 -~~	() https://rumbling-slice-eb0.notion.site/Stored-XSS-via-Chat-message-in-gaizhenbiao-chuanhuchatgpt-104e3cda9e8c80b4b611dfc491c488d8?pvs=4 - Exploit
CPE		cpe:2.3:a:gaizhenbiao:chuanhuchatgpt::::::::

Information

Published : 2024-11-04 23:15

Updated : 2025-07-11 13:58

NVD link : CVE-2024-48059

Mitre link : CVE-2024-48059

CVE.ORG link : CVE-2024-48059

JSON object : View

Products Affected

gaizhenbiao

chuanhuchatgpt

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

6.1 /10