CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-10099

A stored cross-site scripting (XSS) vulnerability exists in comfyanonymous/comfyui version 0.2.2 and possibly earlier. The vulnerability occurs when an attacker uploads an HTML file containing a malicious XSS payload via the `/api/upload/image` endpoint. The payload is executed when the file is viewed through the `/view` API endpoint, leading to potential execution of arbitrary JavaScript code.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 34.9%

CVSS Severity

CVSS v3 Score 6.1

References

https://huntr.com/bounties/14fb8c9a-692a-4d8c-b4b2-24c6f91a383c

Products affected by CVE-2024-10099

Comfy » Comfyui » Version: 0.2.2

cpe:2.3:a:comfy:comfyui:0.2.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-10099

Products

Pricing

Contact Us