313 matches found
CVE-2025-3467
An XSS vulnerability exists in langgenius/dify versions prior to 1.1.3, specifically affecting Firefox browsers. This vulnerability allows an attacker to obtain the administrator's token by sending a payload in the published chat. When the administrator views the conversation content through the...
CVE-2025-3466
langgenius/dify versions 1.1.0 to 1.1.2 are vulnerable to unsanitized input in the code node, allowing execution of arbitrary code with full root permissions. The vulnerability arises from the ability to override global functions in JavaScript, such as parseInt, before sandbox security restrictio...
CVE-2025-3467 XSS Vulnerability in langgenius/dify
An XSS vulnerability exists in langgenius/dify versions prior to 1.1.3, specifically affecting Firefox browsers. This vulnerability allows an attacker to obtain the administrator's token by sending a payload in the published chat. When the administrator views the conversation content through the...
CVE-2025-3467
CVE-2025-3467 is a stored/reflected XSS in langgenius/dify before 1.1.3 that specifically affects Firefox. The vulnerability allows an attacker to exfiltrate the administrator’s token by injecting a payload in a published chat; when the admin views the conversation via the monitoring/log function...
CVE-2025-3466 Unsanitized Input in langgenius/dify
langgenius/dify versions 1.1.0 to 1.1.2 are vulnerable to unsanitized input in the code node, allowing execution of arbitrary code with full root permissions. The vulnerability arises from the ability to override global functions in JavaScript, such as parseInt, before sandbox security restrictio...
CVE-2025-3466
CVE-2025-3466 affects langgenius/dify versions 1.1.0–1.1.2. Root cause is unsanitized input in the code node that enables overriding global JavaScript functions (e.g., parseInt) before sandbox restrictions, allowing arbitrary code execution with full root permissions. Documented impact includes a...
dify cross-site scripting vulnerability
dify is an open source LLM application development platform from LangGenius Open Source. A cross-site scripting vulnerability exists in versions prior to dify 1.1.3, which stems from uncleared input in the Firefox browser and could lead to cross-site scripting attacks...
PT-2025-28154 · Mozilla +1 · Firefox +1
Name of the Vulnerable Software and Affected Versions: langgenius/dify versions prior to 1.1.3 Description: An XSS vulnerability exists, specifically affecting Firefox browsers. This vulnerability allows an attacker to obtain the administrator's token by sending a payload in the published chat...
dify security vulnerability
dify is an open source LLM application development platform from LangGenius Open Source. A security vulnerability exists in versions 1.1.0 through 1.1.2 of dify, which stems from an uncleaned code node input that could lead to the execution of arbitrary code...
PT-2025-28153 · Langgenius · Dify
Name of the Vulnerable Software and Affected Versions: langgenius/dify versions 1.1.0 through 1.1.2 Description: The issue arises from unsanitized input in the code node, allowing execution of arbitrary code with full root permissions. This is due to the ability to override global functions in...
Identifier withdrawn
Vagrant and others are products of . Vagrant is a command line utility for managing the lifecycle of virtual machines. Isolates dependencies and their configurations in a single disposable and consistent environment. webSockets ws and others are products of the WebSockets open source. ws is a...
CVE-2025-49149
Dify is an open-source LLM app development platform. In version 1.2.0, there is insufficient filtering of user input by web applications. Attackers can use website vulnerabilities to inject malicious script code into web pages. This may result in a cross-site scripting XSS attack when a user...
CVE-2025-49149 Dify has XSS vulnerability
Dify is an open-source LLM app development platform. In version 1.2.0, there is insufficient filtering of user input by web applications. Attackers can use website vulnerabilities to inject malicious script code into web pages. This may result in a cross-site scripting XSS attack when a user...
CVE-2025-49149
Dify, an open-source LLM app platform, has a vulnerability in version 1.2.0 caused by insufficient filtering of user input in web applications, allowing injection of malicious script and potentially leading to cross-site scripting (XSS) when users browse affected pages. The CVE entries consistent...
dify cross-site scripting vulnerability
dify is an open source LLM application development platform from LangGenius Open Source. A cross-site scripting vulnerability exists in dify version 1.2.0, which stems from insufficient user input filtering and could lead to cross-site scripting attacks...