CVE-2024-12374

Name of the Vulnerable Software and Affected Versions automatic1111/stable-diffusion-webui version git 82a973c

Description A stored cross-site scripting (XSS) issue exists. An attacker can upload an HTML file, which the application interprets as content-type application/html. If a victim accesses the malicious link, it will execute arbitrary JavaScript in the victim's browser. The attack involves uploading a malicious HTML file and exploiting the application's interpretation of the content type.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.