Filtered by vendor Binary-husky Subscriptions
Total 2 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-10101 1 Binary-husky 1 Gpt Academic 2024-12-21 N/A
A stored cross-site scripting (XSS) vulnerability exists in binary-husky/gpt_academic version 3.83. The vulnerability occurs at the /file endpoint, which renders HTML files. Malicious HTML files containing XSS payloads can be uploaded and stored in the backend, leading to the execution of the payload in the victim's browser when the file is accessed. This can result in the theft of session cookies or other sensitive information.
CVE-2024-10100 1 Binary-husky 1 Gpt Academic 2024-11-04 N/A
A path traversal vulnerability exists in binary-husky/gpt_academic version 3.83. The vulnerability is due to improper handling of the file parameter, which is open to path traversal through URL encoding. This allows attackers to view any file on the host system, including sensitive files such as critical application files, SSH keys, API keys, and configuration values.