CVE-2025-0183

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-0183

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-0183.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-0183

Published

2025-03-20T10:15:51.033Z

Modified

2026-04-10T05:20:03.542413Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

A stored cross-site scripting (XSS) vulnerability exists in the Latex Proof-Reading Module of binary-husky/gpt_academic version 3.9.0. This vulnerability allows an attacker to inject malicious scripts into the debug_log.html file generated by the module. When an admin visits this debug report, the injected scripts can execute, potentially leading to unauthorized actions and data access.

References

https://huntr.com/bounties/53bced90-64a9-4ca2-8f2f-282c4ce84d1f

Affected packages

Git / github.com/binary-husky/gpt_academic

Affected ranges

Type

GIT

Repo

https://github.com/binary-husky/gpt_academic

Events

Introduced

Last affected

2fe5febaf00257f716c6fe9915f61f006ee8bac3

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.90"
        }
    ]
}

Affected versions

version2.*

version2.68-3

version2.68-4

version2.7

version3.*

version3.1-2

version3.1-3

version3.15

version3.2

version3.3-3

version3.32

version3.33

version3.33-2

version3.34

version3.35

version3.36

version3.37

version3.37-2

version3.37-3

version3.37-4

version3.4

version3.4-2

version3.41-2

version3.41-3

version3.42

version3.42-2

version3.43

version3.44

version3.45

version3.47

version3.48

version3.48-1

version3.50

version3.50-1

version3.50-2

version3.52

version3.52-1

version3.53-1

version3.53-2

version3.54

version3.54-2

version3.55

version3.55-2

version3.60-1

version3.64-1

version3.70

version3.74

version3.83

version3.83-fix-1

version3.90

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-0183.json"