149 matches found
CVE-2024-10099 Stored XSS in comfyanonymous/comfyui
A stored cross-site scripting XSS vulnerability exists in comfyanonymous/comfyui version 0.2.2 and possibly earlier. The vulnerability occurs when an attacker uploads an HTML file containing a malicious XSS payload via the /api/upload/image endpoint. The payload is executed when the file is viewe...
CVE-2024-10099 Stored XSS in comfyanonymous/comfyui
A stored cross-site scripting XSS vulnerability exists in comfyanonymous/comfyui version 0.2.2 and possibly earlier. The vulnerability occurs when an attacker uploads an HTML file containing a malicious XSS payload via the /api/upload/image endpoint. The payload is executed when the file is viewe...
CVE-2024-10099
CVE-2024-10099 is a stored XSS in comfyanonymous/comfyui triggered by uploading an HTML image via /api/upload/image and executing when viewed through /view. Affected versions cited include 0.2.2 and possibly earlier; some sources also reference up to 0.3.39, indicating broader impact across multi...
ComfyUI 跨站脚本漏洞
ComfyUI is one of the most powerful and modular diffusion model GUI and backend for comfyanonymous individual developers. A cross-site scripting vulnerability exists in ComfyUI version 0.2.2 and prior versions, which can be exploited by an attacker to cause arbitrary JavaScript code to be execute...
PT-2024-16025 · Comfyui · Comfyui
Name of the Vulnerable Software and Affected Versions: comfyanonymous/comfyui version 0.2.2 and possibly earlier Description: A stored cross-site scripting XSS issue exists, allowing an attacker to upload an HTML file with a malicious XSS payload via the "/api/upload/image" endpoint. The payload ...
Malicious code in comfyui-node-pkg (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 d14c72a2c0a980d7106ed7e451501074521e6282c64d87f689b4b758f877d2ea Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2024-12248 Malicious code in comfyui-node-test (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 0dbe79c5cd8f170a46216b0bf557c0f4c5f65d712660985f0c3059b875601b0a Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in comfyui-node-test (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 0dbe79c5cd8f170a46216b0bf557c0f4c5f65d712660985f0c3059b875601b0a Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious Node on ComfyUI Steals Data from Crypto, Browser Users
Cryptocurrency users beware: A malicious ComfyUI node steals sensitive data like passwords, crypto wallet addresses, etc. Stay safe…...