CNNVD-202510-862 Information

CNNVD ID

CNNVD-202510-862

Related CVE

CVE-2025-29192

• CNNVD Published: 2025-10-06

Description (Chinese)

Flowise是FlowiseAI开源的一个用于轻松构建 LLM 应用程序的工具。 Flowise 3.0.5之前版本存在安全漏洞，该漏洞源于FORM元素和INPUT元素存在跨站脚本，可能导致跨站脚本攻击。

Description (English)

Flowise is an open-source tool for easy construction of LLM applications. There was a security loophole in the previous version of Flowise 3.5, which stemmed from the presence of cross-site scripts of the FORM and INPUT elements, which could lead to cross-site script attacks.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

FlowiseAI

Published

2025-10-06

Last Modified

2026-02-24

References

https://github.com/FlowiseAI/Flowise/pull/4905 https://github.com/FlowiseAI/Flowise/releases/tag/flowise%403.0.5 https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-7r4h-vmj9-wg42

Patch

https://github.com/FlowiseAI/Flowise/releases