A vulnerability, which was classified as problematic, has been found in Chanzhaoyu chatgpt-web 2.11.1. This issue affects some unknown processing. The manipulation of the argument Description with the input
<image src onerror=prompt(document.domain)>
leads to cross site scripting.
The identification of this vulnerability is CVE-2023-7215. The attack may be initiated remotely. Furthermore, there is an exploit available.