imartinez PrivateGPT Stored Cross-Site Scripting Vulnerability
Vulnerability
A stored cross-site scripting vulnerability has been identified in imartinez/privategpt version 0.5.0. This issue arises in the file upload process, where attackers can upload malicious SVG files. When a victim clicks on the link to the uploaded file, the SVG executes JavaScript in the victim's browser. This vulnerability could lead to theft of user data, session hijacking, distribution of malware, or phishing attacks.
Impact
Exploitation of this vulnerability allows for the injection of malicious scripts that can steal sensitive user data, such as login credentials and personal information. It also enables session hijacking by stealing session cookies, allowing attackers to impersonate users. Additionally, this vulnerability could be used to distribute malware or conduct phishing attacks within the application.
Reproduction
To reproduce this vulnerability, upload an SVG file containing a script tag with JavaScript code, such as an alert, through the application's file upload feature. After uploading, the SVG file can be accessed via a link, which will trigger the execution of the embedded JavaScript in the user's browser.
