| |
Vulnerability CVE-2024-10099
Published: 2024-10-17
| Description: |
A stored cross-site scripting (XSS) vulnerability exists in comfyanonymous/comfyui version 0.2.2 and possibly earlier. The vulnerability occurs when an attacker uploads an HTML file containing a malicious XSS payload via the `/api/upload/image` endpoint. The payload is executed when the file is viewed through the `/view` API endpoint, leading to potential execution of arbitrary JavaScript code. |
Type:
CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))
References: |
https://huntr.com/bounties/14fb8c9a-692a-4d8c-b4b2-24c6f91a383c
|
|
|
Copyright 2026, cxsecurity.com
|
|
|
