2 matches found
CVE-2025-49149
Dify, an open-source LLM app platform, has a vulnerability in version 1.2.0 caused by insufficient filtering of user input in web applications, allowing injection of malicious script and potentially leading to cross-site scripting (XSS) when users browse affected pages. The CVE entries consistent...
CVE-2025-49149 Dify has XSS vulnerability
Dify is an open-source LLM app development platform. In version 1.2.0, there is insufficient filtering of user input by web applications. Attackers can use website vulnerabilities to inject malicious script code into web pages. This may result in a cross-site scripting XSS attack when a user...