We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-10099

Stored XSS in comfyanonymous/comfyui



Assigner@huntr_ai
Reserved2024-10-17
Published2024-10-17
Updated2024-10-17

Description

A stored cross-site scripting (XSS) vulnerability exists in comfyanonymous/comfyui version 0.2.2 and possibly earlier. The vulnerability occurs when an attacker uploads an HTML file containing a malicious XSS payload via the `/api/upload/image` endpoint. The payload is executed when the file is viewed through the `/view` API endpoint, leading to potential execution of arbitrary JavaScript code.



MEDIUM: 6.1CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Product status

Any version
affected

References

https://huntr.com/bounties/14fb8c9a-692a-4d8c-b4b2-24c6f91a383c

cve.org CVE-2024-10099

nvd.nist.gov CVE-2024-10099

Download JSON

Share this page
https://cve.threatint.com
Subscribe to our newsletter to learn more about our work.