Primary

Context

automatic1111/stable-diffusion-webui Stored Cross-Site Scripting Vulnerability

Vulnerability

A stored cross-site scripting vulnerability has been identified in automatic1111/stable-diffusion-webui, specifically in version git 82a973c. This vulnerability allows an attacker to upload an HTML file, which the application then treats as content-type application/html. When a victim accesses the malicious link, it executes arbitrary JavaScript in the victim's browser.

Impact

Exploitation of this vulnerability allows for the execution of arbitrary JavaScript in the context of the victim's browser.

Reproduction

To reproduce this vulnerability, upload a malicious HTML file containing JavaScript, such as an image tag with an 'onerror' event, to the application. After uploading, the file can be accessed via a generated link. When the link is clicked, the embedded JavaScript will execute in the victim's browser.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.7

exploitability

7.7

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.7

exploitability

7.7

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

automatic1111/stable-diffusion-webui Stored Cross-Site Scripting Vulnerability

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating