CVE-2024-37146 | FlowiseAI Flowise up to 1.4.3 404 Page /api/v1/credentials/id cross site scripting (GHSL-2023-232)

Posted by Angelo Barbosa | Jul 1, 2024 | CVE

A vulnerability, which was classified as problematic, has been found in FlowiseAI Flowise up to 1.4.3. Affected by this issue is some unknown functionality of the file /api/v1/credentials/id of the component 404 Page. The manipulation leads to cross site scripting.

This vulnerability is handled as CVE-2024-37146. The attack may be launched remotely. There is no exploit available.

CVE-2024-37146 | FlowiseAI Flowise up to 1.4.3 404 Page /api/v1/credentials/id cross site scripting (GHSL-2023-232)

Related Posts

CVE-2024-29390 | Daily Expenses Management System 1.0 add-expense.php item sql injection

CVE-2023-46359 | Hardy Barth cPH2 eCharge Ladestation up to 1.87.0 Connectivity Check os command injection

CVE-2024-37387 | Ricoh Streamline NX PC Client up to 3.6.100.53 potentially dangerous function (ricoh-2024-000007)

CVE-2024-4430 | Beaver Builder Plugin up to 2.8.1.2 on WordPress Photo Widget crop cross site scripting