CVE-2024-8029

Medium CVSS: 6.1

An XSS vulnerability was discovered in the upload file(s) process of imartinez/privategpt v0.5.0. Attackers can upload malicious SVG files, which execute JavaScript when victims click on the file link. This can lead to user data theft, session hijacking, malware distribution, and phishing attacks.

Vendor

Pribai

Product

Privategpt

CWE

CWE-79

Yayın Tarihi

2025-03-20 10:15:39

Güncelleme

2025-07-17 15:56:07

Source Identifier

security@huntr.dev

KEV Date Added

Kategoriler

CWE-79 Privategpt MEDIUM Pribai 2025

Referanslar

https://huntr.com/bounties/5941dc63-a4db-4b04-8007-bcaa828106d0

Benzer Kayıtlar

Medium

CVE-2025-4515

A vulnerability, which was classified as problematic, was found in Zylon PrivateGPT up to 0.6.2. This affects an unknown…

High

CVE-2024-8018

A vulnerability in imartinez/privategpt version 0.5.0 allows for a Denial of Service (DOS) attack. When uploading a file…

High

CVE-2024-12063

A Denial of Service (DoS) vulnerability exists in the file upload feature of imartinez/privategpt version v0.6.2. The vu…