Skip to main content

Gpt Academic CVE-2024-10101

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2024-10-17 security@huntr.dev
5.4
CVSS 3.0 · Vendor: huntr
Share

Severity by source

Vendor (huntr) PRIMARY
5.4 MEDIUM
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Primary rating from Vendor (huntr) · only source for this CVE.

CVSS VectorVendor: huntr

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Oct 17, 2024 - 19:15 cve.org
MEDIUM 5.4

DescriptionCVE.org

A stored cross-site scripting (XSS) vulnerability exists in binary-husky/gpt_academic version 3.83. The vulnerability occurs at the /file endpoint, which renders HTML files. Malicious HTML files containing XSS payloads can be uploaded and stored in the backend, leading to the execution of the payload in the victim's browser when the file is accessed. This can result in the theft of session cookies or other sensitive information.

AnalysisAI

A stored cross-site scripting (XSS) vulnerability exists in binary-husky/gpt_academic version 3.83. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. A stored cross-site scripting (XSS) vulnerability exists in binary-husky/gpt_academic version 3.83. The vulnerability occurs at the /file endpoint, which renders HTML files. Malicious HTML files containing XSS payloads can be uploaded and stored in the backend, leading to the execution of the payload in the victim's browser when the file is accessed. This can result in the theft of session cookies or other sensitive information. Affected products include: Binary-Husky Gpt Academic. Version information: version 3.83..

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2024-12390 HIGH POC
8.8 Mar 20

A vulnerability in binary-husky/gpt_academic version git 310122f allows for remote code execution. Rated high severity (

CVE-2024-10954 HIGH POC
8.8 Mar 20

In the `manim` plugin of binary-husky/gpt_academic, versions prior to the fix, a vulnerability exists due to improper ha

CVE-2024-10950 HIGH POC
8.8 Mar 20

In binary-husky/gpt_academic version <= 3.83, the plugin `CodeInterpreter` is vulnerable to code injection caused by pro

CVE-2024-11039 HIGH POC
8.8 Mar 20

A pickle deserialization vulnerability exists in the Latex English error correction plug-in function of binary-husky/gpt

CVE-2024-10986 HIGH POC
8.8 Mar 20

GPT Academic version 3.83 is vulnerable to a Local File Read (LFI) vulnerability through its HotReload function. Rated h

CVE-2024-10819 HIGH POC
8.8 Mar 20

A Cross-Site Request Forgery (CSRF) vulnerability in version 3.83 of binary-husky/gpt_academic allows an attacker to tri

CVE-2025-25185 HIGH POC
7.5 Mar 03

GPT Academic provides interactive interfaces for large language models. Rated high severity (CVSS 7.5), this vulnerabili

CVE-2024-10714 HIGH POC
7.5 Mar 20

A vulnerability in binary-husky/gpt_academic version 3.83 allows an attacker to cause a Denial of Service (DoS) by addin

CVE-2024-11031 HIGH POC
7.5 Mar 20

In version 3.83 of binary-husky/gpt_academic, a Server-Side Request Forgery (SSRF) vulnerability exists in the Markdown_

CVE-2024-11030 HIGH POC
7.5 Mar 20

GPT Academic version 3.83 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability through its HotReload plug

CVE-2024-10100 HIGH POC
7.5 Oct 17

A path traversal vulnerability exists in binary-husky/gpt_academic version 3.83. Rated high severity (CVSS 7.5), this vu

CVE-2024-12391 MEDIUM POC
6.5 Mar 20

A vulnerability in binary-husky/gpt_academic, as of commit 310122f, allows for a Regular Expression Denial of Service (R

Share

CVE-2024-10101 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy