ChatGPT SVG Document Rendering Leads to HTML Injection Vulnerability

Vulnerability

A vulnerability exists in the ChatGPT system, through March 30, 2025, due to its handling of SVG documents. The system renders SVGs inline rather than as text within a code block. This behavior allows for HTML injection, which could be exploited in most modern graphical web browsers.

Impact

Exploitation of this vulnerability could lead to HTML injection, potentially allowing for phishing attacks or other malicious activities, according to a referenced source.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.7

exploitability

7.7

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.7

exploitability

7.7

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

ChatGPT SVG Document Rendering Leads to HTML Injection Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating