CVE-2025-6092 | comfyanonymous comfyui up to 0.3.39 Incomplete Fix CVE-2024-10099 /upload/image cross site scripting

A vulnerability was found in comfyanonymous comfyui up to 0.3.39. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /upload/image of the component Incomplete Fix CVE-2024-10099. The manipulation of the argument image leads to cross site scripting.

This vulnerability is known as CVE-2025-6092. The attack can be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-6092 | comfyanonymous comfyui up to 0.3.39 Incomplete Fix CVE-2024-10099 /upload/image cross site scripting

Post correlati

CVE-2025-27754 | rsjoomla RSBlog Component up to 1.14.4 on Joomla cross site scripting

CVE-2024-20807 | Samsung Mobile Email prior 6.1.90.16 Intent information disclosure

CVE-2024-9863 | miniOrange OTP Verification with Firebase Plugin up to 3.6.0 on WordPress Registration Privilege Escalation

CVE-2024-0908 | Advanced Post Block Plugin up to 1.13.1 on WordPress authorization