CVE-2024-36422 | FlowiseAI Flowise up to 1.4.3 404 Page api/v1/chatflows/id cross site scripting (GHSL-2023-232)

Inserito da Angelo Barbosa | Lug 1, 2024 | CVE

A vulnerability was found in FlowiseAI Flowise up to 1.4.3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file api/v1/chatflows/id of the component 404 Page. The manipulation leads to cross site scripting.

This vulnerability is known as CVE-2024-36422. The attack can be launched remotely. There is no exploit available.

CVE-2024-36422 | FlowiseAI Flowise up to 1.4.3 404 Page api/v1/chatflows/id cross site scripting (GHSL-2023-232)

Post correlati

CVE-2024-28747 | ifm Smart PLC AC14xx/Smart PLC AC4xxS up to 4.3.17 hard-coded credentials (VDE-2024-012)

CVE-2024-2616 | Mozilla Thunderbird up to 115.8 denial of service

CVE-2024-22021 | Veeam Recovery Orchestrator Plan information disclosure

CVE-2024-6532 | Sheet to Table Live Sync for Google Sheet Plugin up to 1.0.1 on WordPress Shortcode STWT_Sheet_Table cross site scripting