CVE-2025-51462 | RAGFlow 0.17.2 api.apps.dialog_app.set_dialog assistant greeting cross site scripting

Inserito da Angelo Barbosa | Lug 22, 2025 | CVE

A vulnerability was found in RAGFlow 0.17.2. It has been classified as problematic. This affects the function api.apps.dialog_app.set_dialog. The manipulation of the argument assistant greeting leads to cross site scripting.

This vulnerability is uniquely identified as CVE-2025-51462. It is possible to initiate the attack remotely. There is no exploit available.

CVE-2025-51462 | RAGFlow 0.17.2 api.apps.dialog_app.set_dialog assistant greeting cross site scripting

Post correlati

CVE-2024-56333 | InseeFrLab onyxia up to 2.8.1/3.1.0/4.1.x code injection (GHSA-qmcw-h4f9-j3h3)

CVE-2024-29028 | usememos up to 0.16.0 /o/get/httpmeta server-side request forgery

CVE-2025-23106 | Samsung Mobile Processor Exynos 1480/2200/2400 use after free

CVE-2023-43996 | mini-app on Line 13.6.1 Channel Access Token information disclosure