| Title | comfyui 0.3.39 Cross Site Scripting |
|---|
| Description | ComfyUI is vulnerable to Cross Site Scripting vulnerability. Attackers can exploit the vulnerability by uploading .svg, .xhtml, etc., files containing the trigerable javascript payloads, which bypasses the patch for CVE-2024-10099. |
|---|
| Source | ⚠️ https://gist.github.com/superboy-zjc/96f0d56da584d840ba18355cbea96ac4 |
|---|
| User | Gavin Zhong (UID 84092) |
|---|
| Submission | 06/01/2025 00:22 (1 Year ago) |
|---|
| Moderation | 06/15/2025 01:09 (14 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 312559 [comfyanonymous comfyui up to 0.3.39 Incomplete Fix CVE-2024-10099 /upload/image cross site scripting] |
|---|
| Points | 16 |
|---|