CNNVD-202506-2981 Information

CNNVD ID

CNNVD-202506-2981

CVE-2025-49126

  • CNNVD Published: 2025-06-23

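Description (translated from Chinese)

Visionatrix is open-source software from Visionatrix that uses ComfyUI for AI media processing. Versions of Visionatrix before 2.5.1 contain a cross-site scripting vulnerability, which stems from the /docs/flows endpoint being susceptible to reflected cross-site scripting attacks.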

Description (English)

Visionatrix is open-source software from Visionatrix that uses ComfyUI for AI media processing. Versions before Visionatrix 2.5.1 have a cross-site scripting vulnerability: the /docs/flows endpoint is vulnerable to reflected cross-site scripting (XSS) attacks.

Hazard Level

Medium

Vulnerability Type

Cross-site scripting

Affected Vendor

Visionatrix

Published

2025-06-23

Last Modified

2026-02-24

References

  • https://github.com/Visionatrix/Visionatrix/commit/63aafe6e4d1bffe4bf69e73b6fdfc65c71a8f5b8
  • https://github.com/Visionatrix/Visionatrix/security/advisories/GHSA-w36r-9jvx-q48v
  • https://access.redhat.com/security/cve/cve-2025-49126

Patch

https://github.com/Visionatrix/Visionatrix/releases
