漏洞 CVE-2024-36422 開發

https://inthewild.io/vuln/CVE-2024-36422

CVE-2024-36422 Exploit Summary:
Flowise version 1.4.3 has a reflected cross-site scripting (XSS) vulnerability in the `api/v1/chatflows/id` endpoint, allowing unauthenticated attackers to inject Javascript into user sessions. This may lead to data theft, popups, or redirection to malicious sites. No patches are currently available. More info: https://securitylab.github.com/advisories/GHSL-2023-232_GHSL-2023-234_Flowise/

via inTheWild.io Exploits

July 4, 2024 at 01:14AM

發佈留言

發佈留言必須填寫的電子郵件地址不會公開。 必填欄位標示為 *