Description
A stored cross-site scripting (XSS) vulnerability exists in comfyanonymous/comfyui version 0.2.2 and possibly earlier. The vulnerability occurs when an attacker uploads an HTML file containing a malicious XSS payload via the `/api/upload/image` endpoint. The payload is executed when the file is viewed through the `/view` API endpoint, leading to potential execution of arbitrary JavaScript code.
References (1)
Core 1
Core References
Exploit, Third Party Advisory
https://huntr.com/bounties/14fb8c9a-692a-4d8c-b4b2-24c6f91a383c
Scores
CVSS v3
6.1
EPSS
0.0034
EPSS Percentile
26.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (1)
comfy/comfyui
0.2.2
Published
Oct 17, 2024
Tracked Since
Feb 18, 2026