Home > Vulnerability Database > CVE-2024-8029

Mend.io Vulnerability Database

CVE-2024-8029

Date: March 20, 2025

An XSS vulnerability was discovered in the upload file(s) process of imartinez/privategpt v0.5.0. Attackers can upload malicious SVG files, which execute JavaScript when victims click on the file link. This can lead to user data theft, session hijacking, malware distribution, and phishing attacks.

Severity Score

4.7

Related Resources (3)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-8029

Url: https://huntr.com/bounties/5941dc63-a4db-4b04-8007-bcaa828106d0

Url: https://www.mend.io/vulnerability-database/CVE-2024-8029

Severity Score

4.7

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

CVSS v3.1

Base Score:	4.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-8029

Date: March 20, 2025

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?