{"id":"CVE-2024-48059","details":"gaizhenbiao/chuanhuchatgpt project, version \u003c=20240802 is vulnerable to stored Cross-Site Scripting (XSS) in WebSocket session transmission. An attacker can inject malicious content into a WebSocket message. When a victim accesses this session, the malicious JavaScript is executed in the victim's browser.","modified":"2026-04-10T05:17:38.809634Z","published":"2024-11-04T23:15:04.470Z","references":[{"type":"ADVISORY","url":"https://gist.github.com/AfterSnows/c5a4cb029fb9142be5c54e531a9a240e"},{"type":"EVIDENCE","url":"https://rumbling-slice-eb0.notion.site/Stored-XSS-via-Chat-message-in-gaizhenbiao-chuanhuchatgpt-104e3cda9e8c80b4b611dfc491c488d8?pvs=4"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/gaizhenbiao/chuanhuchatgpt","events":[{"introduced":"0"},{"last_affected":"aac0f68edd2f720b9dfad5beb41c86050f1d4d2b"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"20240802"}]}}],"versions":["20230303","20230305","20230317","20230320","20230323","20230327","20230330","20230409","20230413","20230417","20230422","20230427","20230502","20230507","20230513","20230526","20230601","20230614","20230619","20230628","20230709","20230719","20230728","20230809","20230820","20230830","20230911","20230916","20230926","20231006","20231020","20231110","20231215","20231223","20240121","20240305","20240310","20240410","20240628","20240802"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-48059.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}