CVE-2024-12374 Information
Mar 21, 2025
cve
Description
A stored cross-site scripting (XSS) vulnerability exists in automatic1111/stable-diffusion-webui version git 82a973c. An attacker can upload an HTML file which the application interprets as content-type application/html. If a victim accesses the malicious link it will execute arbitrary JavaScript in the victim’s browser.
Reference
https://huntr.com/bounties/3dae386a-f442-4be6-87ef-956606c8a6ac
Share on: