Filtered by vendor Comfyanonymous
Subscriptions
Total
1 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-10099 | 2 Comfy, Comfyanonymous | 2 Comfyui, Comfyanonymous\/comfyui | 2024-10-21 | 6.1 Medium |
| A stored cross-site scripting (XSS) vulnerability exists in comfyanonymous/comfyui version 0.2.2 and possibly earlier. The vulnerability occurs when an attacker uploads an HTML file containing a malicious XSS payload via the `/api/upload/image` endpoint. The payload is executed when the file is viewed through the `/view` API endpoint, leading to potential execution of arbitrary JavaScript code. | ||||
Page 1 of 1.