ChuanhuChatGPT Security Vulnerabilities


CVE-2023-34094

ChuanhuChatGPT is a graphical user interface for ChatGPT and many large language models. A vulnerability in versions 20230526 and prior allows unauthorized access to the config.json file of the privately deployed ChuanhuChatGPT project, when authentication is not configured. The attacker can explo...

CVSS: 7.5, AI Score: 5.3, EPSS: 0.001

2023-06-02 04:15 PM

CVE-2024-3234

The gaizhenbiao/chuanhuchatgpt application is vulnerable to a path traversal attack due to its use of an outdated gradio component. The application is designed to restrict user access to resources within the web_assets folder. However, the outdated version of gradio it employs is susceptible to pat...

CVSS: 9.8, AI Score: 6.7, EPSS: 0.077

2024-06-06 07:16 PM

CVE-2024-3402

A stored Cross-Site Scripting (XSS) vulnerability existed in version 20240121 of gaizhenbiao/chuanhuchatgpt due to inadequate sanitization and validation of model output data. Despite user-input validation efforts, the application fails to properly sanitize or validate the output from the model, ...

CVSS: 5.4, AI Score: 6.3, EPSS: 0.0004

2024-06-06 07:16 PM

CVE-2024-3404

In gaizhenbiao/chuanhuchatgpt, specifically the version tagged as 20240121, there exists a vulnerability due to improper access control mechanisms. This flaw allows an authenticated attacker to bypass intended access restrictions and read the history files of other users, potentially leading to una...

CVSS: 6.5, AI Score: 6.3, EPSS: 0.0005

2024-06-06 07:16 PM

CVE-2024-4520

An improper access control vulnerability exists in the gaizhenbiao/chuanhuchatgpt application, specifically in version 20240410. This vulnerability allows any user on the server to access the chat history of any other user without requiring any form of interaction between the users. Exploitation of...

CVSS: 7.5, AI Score: 6.8, EPSS: 0.001

2024-06-04 08:15 PM

CVE-2024-6035

A Stored Cross-Site Scripting (XSS) vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410. This vulnerability allows an attacker to inject malicious JavaScript code into the chat history file. When a victim uploads this file, the malicious script is executed in the victim's browser. T...

CVSS: 6.1, AI Score: 7.7, EPSS: 0.0005

2024-07-11 11:15 AM

CVE-2024-6255

A vulnerability in the JSON file handling of gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to delete any JSON file on the server, including critical configuration files such as config.json and ds_config_chatbot.json. This issue arises due to improper validation of file paths, enabling...

CVSS: 9.1, AI Score: 8.2, EPSS: 0.0005

2024-07-31 01:15 AM