VYPR
Unrated severityNVD Advisory· Published Oct 17, 2024· Updated Oct 17, 2024

Stored XSS in comfyanonymous/comfyui

CVE-2024-10099

Description

A stored cross-site scripting (XSS) vulnerability exists in comfyanonymous/comfyui version 0.2.2 and possibly earlier. The vulnerability occurs when an attacker uploads an HTML file containing a malicious XSS payload via the /api/upload/image endpoint. The payload is executed when the file is viewed through the /view API endpoint, leading to potential execution of arbitrary JavaScript code.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.