51 matches found
CVE-2019-16949
An issue was discovered in Enghouse Web Chat 6.1.300.31 and 6.2.284.34. A user is allowed to send an archive of their chat log to an email address specified at the beginning of the chat, where the user enters their name and e-mail address. This POST request can be modified to change the message...
EUVD-2019-7429
Malware in sbrugna...
CVE-2025-50538
Flowise before 3.0.5 allows XSS via an IFRAME element when an admin views the chat log...
CVE-2025-29192
Flowise before 3.0.5 allows XSS via a FORM element and an INPUT element when an admin views the chat log...
GHSA-7RGR-72HP-9WP3 Duplicate Advisory: Flowise is vulnerable to stored XSS via "View Messages" allows credential theft in FlowiseAI admin panel
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-964p-j4gg-mhwc. This link is maintained to preserve external references. Original Description: Flowise before 3.0.5 allows XSS via an IFRAME element when an admin views the chat log...
CVE-2025-50538
Flowise before version 3.0.5 is affected by an XSS vulnerability where an unfiltered IFRAME element allows an attacker to inject scripts when an admin views the chat log. Affected product: Flowise (FlowiseAI) prior to 3.0.5. Root cause: unfiltered IFRAME in the chat log view, enabling cross-site ...
PT-2025-40840
Name of the Vulnerable Software and Affected Versions: Flowise versions prior to 3.0.5. Description: Flowise has a cross-site scripting (XSS) issue. This occurs through a FORM element and an INPUT element when an administrator views the chat log. Recommendations: Update Flowise to version 3.0.5 or late...
EUVD-2025-32481
Flowise before 3.0.5 allows XSS via an IFRAME element when an admin views the chat log...
EUVD-2025-32480
Flowise before 3.0.5 allows XSS via a FORM element and an INPUT element when an admin views the chat log...
CVE-2025-29192
FlowiseAI Flowise prior to 3.0.5 is vulnerable to Cross-Site Scripting (XSS) via FORM and INPUT elements in the chat log when viewed by an admin. The issue is consistently described across sources as a stored XSS variant introduced by insufficient sanitization of chat-log form fields. Affected so...
PT-2025-40841
Name of the Vulnerable Software and Affected Versions: Flowise versions prior to 3.0.5. Description: The software contains a cross-site scripting issue that can be triggered when an administrator views the chat log through an IFRAME element. This could potentially lead to session hijacking and data...
SillyTavern Security Vulnerability
SillyTavern is an open source front-end interface for a large language model from SillyTavern. A security vulnerability exists in SillyTavern versions prior to 1.13.4, which stems from vulnerability to DNS rebinding attacks that could lead to the installation of malicious extensions, reading chat...