CVE-2024-10819

Exploit

EPSS 0.22%
Veröffentlicht 20.03.2025 10:10:26
Zuletzt bearbeitet 14.07.2025 15:05:59
Quelle security@huntr.dev
CVE-Watchlists
Login
Unerledigt
Login

CSRF to XSS in binary-husky/gpt_academic

A Cross-Site Request Forgery (CSRF) vulnerability in version 3.83 of binary-husky/gpt_academic allows an attacker to trick a user into uploading files without their consent, exploiting their session. This can lead to unauthorized file uploads and potential system compromise. The uploaded file can contain malicious scripts, leading to stored Cross-Site Scripting (XSS) attacks. Through stored XSS, an attacker can steal information about the victim and perform any action on their behalf.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Binary-husky ≫ Gpt Academic Version3.83

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.22%	0.126

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
security@huntr.dev	7.1	2.8	4.2	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

https://huntr.com/bounties/45270c4b-a500-4374-a90b-37b604a3ace0

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2024-10819

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-10819

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-10819

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-10819