Описание
Duplicate Advisory: Flowise is vulnerable to stored XSS via "View Messages" allows credential theft in FlowiseAI admin panel
Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-964p-j4gg-mhwc. This link is maintained to preserve external references.
Original Description
Flowise before 3.0.5 allows XSS via an IFRAME element when an admin views the chat log.
Пакеты
Наименование
flowise
npm
Затронутые версииВерсия исправления
< 3.0.5
3.0.5
8.2 High
CVSS3
Дефекты
CWE-79
8.2 High
CVSS3
Дефекты
CWE-79