CVE-2024-9148

Flowise < 2.1.1 suffers from a Stored Cross-Site Scripting (XSS) vulnerability due to a lack of input sanitization in Flowise Chat Embed < 2.0.0.
References
Link | Resource
https://www.tenable.com/security/research/tra-2024-40 | Exploit, Vendor Advisory
Configurations

Configuration 1

OR cpe:2.3:a:flowiseai:embed:*:*:*:*:*:*:*:*
cpe:2.3:a:flowiseai:flowise:*:*:*:*:*:*:*:*

History

30 Sep 2024, 17:34

Type | Values Removed | Values Added
References | () https://www.tenable.com/security/research/tra-2024-40 - | () https://www.tenable.com/security/research/tra-2024-40 - Exploit, Vendor Advisory
CVSS | v2 : unknown; v3 : 9.6 | v2 : unknown; v3 : 6.1
First Time | | Flowiseai; Flowiseai embed; Flowiseai flowise
CPE | | cpe:2.3:a:flowiseai:flowise:*:*:*:*:*:*:*:*; cpe:2.3:a:flowiseai:embed:*:*:*:*:*:*:*:*

26 Sep 2024, 13:32

Type | Values Removed | Values Added
Summary | | (es) Flowise < 2.1.1 sufre una vulnerabilidad de Cross-Site almacenado debido a una falta de desinfección de entrada en Flowise Chat Embed < 2.0.0.

25 Sep 2024, 01:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-25 01:15

Updated : 2024-09-30 17:34


NVD link : CVE-2024-9148

Mitre link : CVE-2024-9148

CVE.ORG link : CVE-2024-9148


Products Affected

flowiseai

  • flowise
  • embed
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')