CVE-2025-51462 | RAGFlow 0.17.2 api.apps.dialog_app.set_dialog assistant greeting cross site scripting

Inserito da Angelo Barbosa | Lug 22, 2025 | CVE

A vulnerability was found in RAGFlow 0.17.2. It has been classified as problematic. This affects the function api.apps.dialog_app.set_dialog. The manipulation of the argument assistant greeting leads to cross site scripting.

This vulnerability is uniquely identified as CVE-2025-51462. It is possible to initiate the attack remotely. There is no exploit available.

CVE-2025-51462 | RAGFlow 0.17.2 api.apps.dialog_app.set_dialog assistant greeting cross site scripting

Post correlati

CVE-2024-51175 | H3C Switch H3C-S1526 S1526.cfg information disclosure

CVE-2025-46339 | FreshRSS up to 1.26.1 Feed Favicon acceptance of extraneous untrusted data with trusted data (GHSA-8f79-3q3w-43c4)

CVE-2024-51735 | j3ssie osmedeus up to 4.6.4 cross site scripting (GHSA-wvv7-wm5v-w2gv)

CVE-2024-31235 | WebToffee Comments Import & Export Plugin up to 2.3.5 on WordPress cross-site request forgery