8 matches found
CVE-2025-50538
Flowise before 3.0.5 allows XSS via an IFRAME element when an admin views the chat log...
CVE-2025-29192
Flowise before 3.0.5 allows XSS via a FORM element and an INPUT element when an admin views the chat log...
CVE-2025-50538
Flowise before version 3.0.5 is affected by an XSS vulnerability where an unfiltered IFRAME element allows an attacker to inject scripts when an admin views the chat log. Affected product: Flowise (FlowiseAI) prior to 3.0.5. Root cause: unfiltered IFRAME in the chat log view, enabling cross-site ...
CVE-2025-50538
Flowise before 3.0.5 allows XSS via an IFRAME element when an admin views the chat log...
CVE-2025-50538
Flowise before 3.0.5 allows XSS via an IFRAME element when an admin views the chat log...
EUVD-2025-32481
Flowise before 3.0.5 allows XSS via an IFRAME element when an admin views the chat log...
CVE-2025-29192
FlowiseAI Flowise prior to 3.0.5 is vulnerable to Cross-Site Scripting (XSS) via FORM and INPUT elements in the chat log when viewed by an admin. The issue is consistently described across sources as a stored XSS variant introduced by insufficient sanitization of chat-log form fields. Affected so...
CVE-2025-29192
Flowise before 3.0.5 allows XSS via a FORM element and an INPUT element when an admin views the chat log...