Unrated severityNVD Advisory· Published Oct 17, 2024· Updated Oct 17, 2024
Stored XSS in comfyanonymous/comfyui
CVE-2024-10099
Description
A stored cross-site scripting (XSS) vulnerability exists in comfyanonymous/comfyui version 0.2.2 and possibly earlier. The vulnerability occurs when an attacker uploads an HTML file containing a malicious XSS payload via the /api/upload/image endpoint. The payload is executed when the file is viewed through the /view API endpoint, leading to potential execution of arbitrary JavaScript code.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <=0.2.2
- comfyanonymous/comfyanonymous/comfyuiv5Range: unspecified
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.