CVE-2024-10099

Опубликовано: 17 окт. 2024

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

A stored cross-site scripting (XSS) vulnerability exists in comfyanonymous/comfyui version 0.2.2 and possibly earlier. The vulnerability occurs when an attacker uploads an HTML file containing a malicious XSS payload via the /api/upload/image endpoint. The payload is executed when the file is viewed through the /view API endpoint, leading to potential execution of arbitrary JavaScript code.

Ссылки

https://huntr.com/bounties/14fb8c9a-692a-4d8c-b4b2-24c6f91a383c
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:comfy:comfyui:0.2.2:*:*:*:*:*:*:*

EPSS

Процентиль: 29%

0.00106

Низкий

6.1 Medium

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-5269-hjm8-7x5f

CVSS3: 6.1

github

больше 1 года назад

A stored cross-site scripting (XSS) vulnerability exists in comfyanonymous/comfyui version 0.2.2 and possibly earlier. The vulnerability occurs when an attacker uploads an HTML file containing a malicious XSS payload via the `/api/upload/image` endpoint. The payload is executed when the file is viewed through the `/view` API endpoint, leading to potential execution of arbitrary JavaScript code.

EPSS

Процентиль: 29%

0.00106

Низкий

6.1 Medium

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-79