Lucene search

[email protected]NVD:CVE-2024-9148

HistorySep 25, 2024 - 1:15 a.m.

CVE-2024-9148

2024-09-2501:15:49

CWE-79

[email protected]

web.nvd.nist.gov

cve-2024-9148

stored cross-site vulnerability

flowise chat embed

input sanitization

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

Percentile

9.6%

JSON

Flowise < 2.1.1 suffers from a Stored Cross-Site vulnerability due to a lack of input sanitization in Flowise Chat Embed < 2.0.0.

Affected configurations

Nvd

Node

flowiseaiembedRange<2.0.0

flowiseaiflowiseRange<2.1.1

VendorProductVersionCPE
flowiseaiembed*cpe:2.3:a:flowiseai:embed:*:*:*:*:*:*:*:*
flowiseaiflowise*cpe:2.3:a:flowiseai:flowise:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
flowiseai	embed	*	cpe:2.3:a:flowiseai:embed::::::::
flowiseai	flowise	*	cpe:2.3:a:flowiseai:flowise::::::::

References

www.tenable.com/security/research/tra-2024-40

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

Percentile

9.6%

JSON

Related for NVD:CVE-2024-9148

cvelist1 cve1 github1 vulnrichment1