Home > Vulnerability Database > CVE-2024-10101

Mend.io Vulnerability Database

CVE-2024-10101

Date: October 17, 2024

A stored cross-site scripting (XSS) vulnerability exists in binary-husky/gpt_academic version 3.83. The vulnerability occurs at the /file endpoint, which renders HTML files. Malicious HTML files containing XSS payloads can be uploaded and stored in the backend, leading to the execution of the payload in the victim's browser when the file is accessed. This can result in the theft of session cookies or other sensitive information.

Language: Python

Severity Score

8.2

Related Resources (3)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-10101

Url: https://huntr.com/bounties/0436d96a-a2c4-4ca5-9f3c-fd68eb74d2cb

Url: https://www.mend.io/vulnerability-database/CVE-2024-10101

Severity Score

8.2

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

CVSS v3.1

Base Score:	8.2
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-10101

Date: October 17, 2024

Language: Python

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?