CNNVD-202507-2919 Information
CNNVD ID
CNNVD-202507-2919
Related CVE
- CNNVD Published: 2025-07-22
Description (Chinese)
RAGFlow是InfiniFlow开源的一个基于深度文档理解的开源 RAG 引擎。 RAGFlow 0.17.2版本存在安全漏洞,该漏洞源于api.apps.dialog_app.set_dialog存在存储型跨站脚本漏洞,可能导致执行任意JavaScript。
Description (English)
RAGFlow is an open source RAG engine based on the understanding of an in-depth document. There is a security loophole in version RAGFlow 0.17.2, which stems from api.apps.dialog app.set dialog ’ s storage-type cross-site script gap, which could lead to the execution of any JavaScript.
Hazard Level
High
Vulnerability Type
跨站脚本
Affected Vendor
InfiniFlow
Published
2025-07-22
Last Modified
2026-02-24
References
https://www.gecko.security/blog/cve-2025-51462 https://github.com/infiniflow/ragflow https://github.com/infiniflow/ragflow/pull/7250 https://access.redhat.com/security/cve/cve-2025-51462 https://nvd.nist.gov/vuln/detail/CVE-2025-51462
Patch
https://github.com/infiniflow/ragflow/releases
Share on: