CNNVD-202510-861 Information
Oct 06, 2025
cve
CNNVD ID
CNNVD-202510-861
Related CVE
- CNNVD Published: 2025-10-06
Description (Chinese)
Flowise是FlowiseAI开源的一个用于轻松构建 LLM 应用程序的工具。 Flowise 3.0.5之前版本存在安全漏洞,该漏洞源于IFRAME元素未过滤,可能导致跨站脚本攻击。
Description (English)
Flowise is an open-source tool for easy construction of LLM applications. There was a security loophole in the previous version of Flowise 3.5, which originated from the fact that IFRAME elements were not filtered and could lead to a cross-site script attack.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
FlowiseAI
Published
2025-10-06
Last Modified
2026-02-24
References
https://github.com/FlowiseAI/Flowise/pull/4905 https://github.com/FlowiseAI/Flowise/releases/tag/flowise%403.0.5 https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-964p-j4gg-mhwc
Patch
https://github.com/FlowiseAI/Flowise/releases
Share on: