How severe is CVE-2024-9107?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.8 out of 10.

What type of vulnerability is CVE-2024-9107?

This is classified as CWE-79, which is a common weakness in software security.

CVE-2024-9107 - MEDIUM Severity | CVSS 6.8

Vulnerability Description

A stored cross-site scripting (XSS) vulnerability exists in the gaizhenbiao/chuanhuchatgpt repository, affecting version git 20b2e02. The vulnerability arises from improper sanitization of HTML tags in chat history uploads. Specifically, the sanitization logic fails to handle HTML tags within code blocks correctly, allowing an attacker to inject malicious scripts. This can lead to the execution of arbitrary JavaScript code in the context of the user's browser, potentially leading to identity theft or other malicious actions.

Related Vulnerabilities

CVE-2019-0308

MEDIUM

CVSS:6.8(Medium)

An authenticated attacker in SAP E-Commerce (Business-to-Consumer application), versions 7.3, 7.31, 7.32, 7.33, 7.54, can change the price of the product to zero and also checkout, by injecting an HTM...

CWE-792019

CVE-2019-15053

MEDIUM

CVSS:6.8(Medium)

The "HTML Include and replace macro" plugin before 1.5.0 for Confluence Server allows a bypass of the includeScripts=false XSS protection mechanism via vectors involving an IFRAME element.

CWE-792019

CVE-2020-11001

MEDIUM

CVSS:6.8(Medium)

In Wagtail before versions 2.8.1 and 2.7.2, a cross-site scripting (XSS) vulnerability exists on the page revision comparison view within the Wagtail admin interface. A user with a limited-permission ...

CWE-792020

CVE-2020-28487

MEDIUM

CVSS:6.8(Medium)

This affects the package vis-timeline before 7.4.4. An attacker with the ability to control the items of a Timeline element can inject additional script code into the generated application.

CWE-792020

CVE-2021-3866

MEDIUM

CVSS:6.8(Medium)

Cross-site Scripting (XSS) - Stored in GitHub repository zulip/zulip more than and including 44f935695d452cc3fb16845a0c6af710438b153d and prior to 3eb2791c3e9695f7d37ffe84e0c2184fae665cb6.

CWE-792021

CVE-2021-3879

MEDIUM

CVSS:6.8(Medium)

snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-792021