CVE-2024-48059

Summary

CVE-2024-48059 is a stored Cross-Site Scripting (XSS) vulnerability affecting the gaizhenbiao/chuanhuchatgpt project before version 20240802. The flaw resides in the WebSocket session transmission, allowing an attacker to inject malicious content into a message. When a victim accesses this session, the malicious JavaScript is executed in their browser, potentially compromising sensitive information or taking control of the user's account. Attackers can exploit this vulnerability to launch various attacks, including data theft, unauthorized account access, and phishing. Users are advised to update their software to the latest version to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.