CVE-2024-9107
📋 TL;DR
A stored cross-site scripting (XSS) vulnerability in the gaizhenbiao/chuanhuchatgpt repository allows attackers to inject malicious JavaScript via improperly sanitized HTML tags in chat history uploads. This affects users of version git 20b2e02 who upload chat content containing code blocks. Successful exploitation could lead to session hijacking, credential theft, or other client-side attacks.
💻 Affected Systems
- gaizhenbiao/chuanhuchatgpt
📦 What is this software?
Chuanhuchatgpt by Gaizhenbiao
⚠️ Risk & Real-World Impact
Worst Case
Attacker steals user session cookies, gains unauthorized access to accounts, performs actions as the victim, and potentially compromises the entire user base through persistent XSS payloads.
Likely Case
Attacker injects malicious scripts that steal user credentials, session tokens, or redirect users to phishing sites when they view compromised chat histories.
If Mitigated
With proper input validation and output encoding, the risk is reduced to minimal as malicious scripts are neutralized before execution.
🎯 Exploit Status
Exploitation requires the ability to upload chat history content. The vulnerability is documented in public bounty reports with technical details.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: git commit after 20b2e02
Vendor Advisory: https://huntr.com/bounties/a2972c51-4780-4f60-afbf-a7a8ee4066ea
Restart Required: No
Instructions:
1. Update to the latest version of gaizhenbiao/chuanhuchatgpt repository. 2. Verify the fix includes proper HTML sanitization for code blocks in chat history uploads. 3. Clear any existing malicious chat history entries.
🔧 Temporary Workarounds
Disable chat history uploads
allTemporarily disable the chat history upload functionality to prevent exploitation.
Modify application configuration to disable file uploads for chat history
Implement input validation filter
allAdd server-side filtering to sanitize HTML tags in uploaded chat content before storage.
Implement HTML sanitization library (e.g., DOMPurify) for all user-generated content
🧯 If You Can't Patch
- Implement Content Security Policy (CSP) headers to restrict script execution
- Monitor and audit chat history uploads for suspicious HTML/JavaScript content
🔍 How to Verify
Check if Vulnerable:
Test by uploading chat history containing <script>alert('XSS')</script> within a code block and check if script executes when viewed.Check Version:
git log --oneline -1Verify Fix Applied:
Attempt the same XSS test after patching; script should not execute and HTML should be properly sanitized.📡 Detection & Monitoring
Log Indicators:
- Unusual chat history uploads containing script tags, onerror attributes, or JavaScript URIs
Network Indicators:
- HTTP requests uploading chat files with suspicious content patterns
SIEM Query:
source="web_logs" AND (uri_path="/upload" OR method="POST") AND (content CONTAINS "<script>" OR content CONTAINS "javascript:")