CNNVD-202510-2440 Information

CNNVD ID

CNNVD-202510-2440

Related CVE

CVE-2025-58747

• CNNVD Published: 2025-10-17

Description (Chinese)

dify是LangGenius开源的一个开源的 LLM 应用程序开发平台。 Dify 1.9.1及之前版本存在跨站脚本漏洞，该漏洞源于OAuth流程实现中未验证或清理authorization_url，可能导致跨站脚本攻击。

Description (English)

Diffy is an open source LLM application development platform for LangGenius open source. Dify 1.9.1 and previous versions had a cross-site script loophole, which originated in the non-validation or clean-up of the OAuth process and could lead to cross-site script attacks.

Hazard Level

High

Vulnerability Type

跨站脚本

Affected Vendor

LangGenius

Published

2025-10-17

Last Modified

2026-02-24

References

https://github.com/langgenius/dify/commit/bfda4ce7e6f39d43a4420e97e23a18edcfe3e3d3 https://github.com/langgenius/dify/security/advisories/GHSA-9jch-j9qf-vqfw https://access.redhat.com/security/cve/cve-2025-58747