CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-12374

A stored cross-site scripting (XSS) vulnerability exists in automatic1111/stable-diffusion-webui version git 82a973c. An attacker can upload an HTML file, which the application interprets as content-type application/html. If a victim accesses the malicious link, it will execute arbitrary JavaScript in the victim's browser.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 21.9%

CVSS Severity

CVSS v3 Score 6.1

References

https://huntr.com/bounties/3dae386a-f442-4be6-87ef-956606c8a6ac

Products affected by CVE-2024-12374

Automatic1111 » Stable-Diffusion-Webui » Version: 2024-07-27

cpe:2.3:a:automatic1111:stable-diffusion-webui:2024-07-27

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-12374

Products

Pricing

Contact Us