CHATGPT: A Potential Phishing Vector via HTML Injection

ChatGPT has the ability to render tags inside code blocks, subsequently rendering them when the chat is reopened or shared via a link.
This vulnerability has since been patched, but while it was active, it allowed for the execution of cross-site scripting (XSS) attacks.
XSS attacks can be used to embed malicious URLs or provide misleading messages to unsuspecting users, potentially impacting their well-being or the ability to deceive non-technical users.
The vulnerability was discovered by cyber security company Check Point, who reported that malicious payloads could be stored and executed within the graphical user interface (GUI), enabling the steal of sensitive user data.
The associated CVE (2025-43714) was later recorded on the NIST Reference Monitor as a vulnerability.

Fast Feed