Lucene search
K

149 matches found

Vulnrichment
Vulnrichment
added 2024/10/17 6:14 p.m.11 views

CVE-2024-10099 Stored XSS in comfyanonymous/comfyui

A stored cross-site scripting XSS vulnerability exists in comfyanonymous/comfyui version 0.2.2 and possibly earlier. The vulnerability occurs when an attacker uploads an HTML file containing a malicious XSS payload via the /api/upload/image endpoint. The payload is executed when the file is viewe...

6.1CVSS6AI score0.00342EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/10/17 6:14 p.m.16 views

CVE-2024-10099 Stored XSS in comfyanonymous/comfyui

A stored cross-site scripting XSS vulnerability exists in comfyanonymous/comfyui version 0.2.2 and possibly earlier. The vulnerability occurs when an attacker uploads an HTML file containing a malicious XSS payload via the /api/upload/image endpoint. The payload is executed when the file is viewe...

6.1CVSS0.00342EPSS
Exploits1References1
CVE
CVE
added 2024/10/17 6:14 p.m.109 views

CVE-2024-10099

CVE-2024-10099 is a stored XSS in comfyanonymous/comfyui triggered by uploading an HTML image via /api/upload/image and executing when viewed through /view. Affected versions cited include 0.2.2 and possibly earlier; some sources also reference up to 0.3.39, indicating broader impact across multi...

6.1CVSS6AI score0.00342EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2024/10/17 12:0 a.m.3 views

ComfyUI 跨站脚本漏洞

ComfyUI is one of the most powerful and modular diffusion model GUI and backend for comfyanonymous individual developers. A cross-site scripting vulnerability exists in ComfyUI version 0.2.2 and prior versions, which can be exploited by an attacker to cause arbitrary JavaScript code to be execute...

6.1CVSS5.8AI score0.00342EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/10/17 12:0 a.m.6 views

PT-2024-16025 · Comfyui · Comfyui

Name of the Vulnerable Software and Affected Versions: comfyanonymous/comfyui version 0.2.2 and possibly earlier Description: A stored cross-site scripting XSS issue exists, allowing an attacker to upload an HTML file with a malicious XSS payload via the "/api/upload/image" endpoint. The payload ...

6.1CVSS5.3AI score0.00342EPSS
Exploits1References8
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/07/26 4:53 p.m.4 views

Malicious code in comfyui-node-pkg (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d14c72a2c0a980d7106ed7e451501074521e6282c64d87f689b4b758f877d2ea Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

7.3AI score
Exploits0References1
OSV
OSV
added 2024/07/26 4:53 p.m.4 views

MAL-2024-12248 Malicious code in comfyui-node-test (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 0dbe79c5cd8f170a46216b0bf557c0f4c5f65d712660985f0c3059b875601b0a Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

7.2AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/07/26 4:53 p.m.7 views

Malicious code in comfyui-node-test (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 0dbe79c5cd8f170a46216b0bf557c0f4c5f65d712660985f0c3059b875601b0a Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

7.3AI score
Exploits0References1
HackRead
HackRead
added 2024/06/10 12:3 p.m.24 views

Malicious Node on ComfyUI Steals Data from Crypto, Browser Users

Cryptocurrency users beware: A malicious ComfyUI node steals sensitive data like passwords, crypto wallet addresses, etc. Stay safe…...

7.2AI score
Exploits0
Rows per page
Query Builder