CVE-2025-6092 – ComfyAnonymous ComfyUI Cross-Site Scripting Vulnerability

June 15, 2025

CVE ID : CVE-2025-6092

Published : June 15, 2025, 6:15 p.m. | 7 hours, 7 minutes ago

Description : A vulnerability was found in comfyanonymous comfyui up to 0.3.39. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /upload/image of the component Incomplete Fix CVE-2024-10099. The manipulation of the argument image leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5964 – M-Files Server Path Traversal Vulnerability

Next Article CVE-2025-5990 – Crafty Controller Stored XSS Vulnerability

Upwork Freelancers vs Dedicated React.js Teams: What’s Better for Your Project in 2025?

Is Agile dead in the age of AI?

Top 15 Enterprise Use Cases That Justify Hiring Node.js Developers in 2025

The Core Model: Start FROM The Answer, Not WITH The Solution

Finally, a sleek gaming laptop I can take to the office (without sacrificing power)

These jobs face the highest risk of AI takeover, according to Microsoft

Apple’s tariff costs and iPhone sales are soaring – how long until device prices are too?

5 ways to successfully integrate AI agents into your workplace

Enhancing Laravel Queries with Reusable Scope Patterns

Enhancing Laravel Queries with Reusable Scope Patterns

Everything We Know About Livewire 4

Everything We Know About Livewire 4

YouTube wants to use AI to treat “teens as teens and adults as adults” — with the most age-appropriate experiences and protections

YouTube wants to use AI to treat “teens as teens and adults as adults” — with the most age-appropriate experiences and protections

Sam Altman is afraid of OpenAI’s GPT-5 creation — “The Manhattan Project feels very fast, like there are no adults in the room”

9 new features that arrived on the Windows 11 Insider Program during the second half of July 2025

CVE-2025-6092 – ComfyAnonymous ComfyUI Cross-Site Scripting Vulnerability

This month in security with Tony Anscombe – July 2025 edition

WordPress AI Engine Plugin Bug Allows Remote Code Execution – Update Now

Rilasciato 7-Zip versione 25: archiviatore di file open source con prestazioni migliorate

Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028)

You can ask Gemini AI anything directly in Google Chrome – here’s how and why you should

Barefoot Shoes Market Poised to Witness High Growth Due to Rising Health Consciousness

CVE-2025-5980 – Code-projects Restaurant Order System SQL Injection Vulnerability

CVE-2025-53942 – Authentik OAuth/SAML Deactivated User Partial Access Vulnerability

Microsoft confirms Windows 10 0x80070643 after KB5057589, as WinRE strikes again

I love that DOOM: The Dark Ages requires ray tracing, and I hope more games follow

CVE-2025-6092 – ComfyAnonymous ComfyUI Cross-Site Scripting Vulnerability

Related Posts