| Titel | comfyui 0.3.39 Cross Site Scripting |
|---|
| Beschreibung | ComfyUI is vulnerable to Cross Site Scripting vulnerability. Attackers can exploit the vulnerability by uploading .svg, .xhtml, etc., files containing the trigerable javascript payloads, which bypasses the patch for CVE-2024-10099. |
|---|
| Quelle | ⚠️ https://gist.github.com/superboy-zjc/96f0d56da584d840ba18355cbea96ac4 |
|---|
| Benutzer | Gavin Zhong (UID 84092) |
|---|
| Einreichung | 01.06.2025 00:22 (vor 1 Jahr) |
|---|
| Moderieren | 15.06.2025 01:09 (14 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 312559 [comfyanonymous comfyui bis 0.3.39 Incomplete Fix CVE-2024-10099 /upload/image Cross Site Scripting] |
|---|
| Punkte | 16 |
|---|