Описание
A stored cross-site scripting (XSS) vulnerability exists in automatic1111/stable-diffusion-webui version git 82a973c. An attacker can upload an HTML file, which the application interprets as content-type application/html. If a victim accesses the malicious link, it will execute arbitrary JavaScript in the victim's browser.
Ссылки
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:automatic1111:stable-diffusion-webui:2024-07-27:*:*:*:*:*:*:*
EPSS
Процентиль: 22%
0.00071
Низкий
6.1 Medium
CVSS3
6.1 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 6.1
github
11 месяцев назад
A stored cross-site scripting (XSS) vulnerability exists in automatic1111/stable-diffusion-webui version git 82a973c. An attacker can upload an HTML file, which the application interprets as content-type application/html. If a victim accesses the malicious link, it will execute arbitrary JavaScript in the victim's browser.
EPSS
Процентиль: 22%
0.00071
Низкий
6.1 Medium
CVSS3
6.1 Medium
CVSS3
Дефекты
CWE-79