4 matches found
CVE-2025-6092
CVE-2025-6092 affects comfyanonymous comfyui up to version 0.3.39. The vulnerability resides in the /upload/image endpoint where manipulation of the image argument enables cross-site scripting (XSS). Exploitation is possible remotely and PoC activity is indicated in sources. No official fix versio...
CVE-2024-10099
A stored cross-site scripting (XSS) vulnerability exists in comfyanonymous/comfyui version 0.2.2 and possibly earlier. The vulnerability occurs when an attacker uploads an HTML file containing a malicious XSS payload via the /api/upload/image endpoint. The payload is executed when the file is viewe...
CVE-2024-10099
CVE-2024-10099 is a stored XSS in comfyanonymous/comfyui triggered by uploading an HTML image via /api/upload/image and executing when viewed through /view. Affected versions cited include 0.2.2 and possibly earlier; some sources also reference up to 0.3.39, indicating broader impact across multi...
CVE-2024-10099 Stored XSS in comfyanonymous/comfyui
A stored cross-site scripting (XSS) vulnerability exists in comfyanonymous/comfyui version 0.2.2 and possibly earlier. The vulnerability occurs when an attacker uploads an HTML file containing a malicious XSS payload via the /api/upload/image endpoint. The payload is executed when the file is viewe...