CVE-2024-37145 | FlowiseAI Flowise up to 1.4.3 404 Page id cross site scripting (GHSL-2023-232)

Posted by Angelo Barbosa | Jul 1, 2024 | CVE

A vulnerability classified as problematic has been found in FlowiseAI Flowise up to 1.4.3. Affected is an unknown function of the file /api/v1/chatflows-streaming/id of the component 404 Page. The manipulation leads to cross site scripting.

This vulnerability is traded as CVE-2024-37145. It is possible to launch the attack remotely. There is no exploit available.

CVE-2024-37145 | FlowiseAI Flowise up to 1.4.3 404 Page id cross site scripting (GHSL-2023-232)

Related Posts

CVE-2023-51588 | Voltronic Power ViewPower Pro MySQL hard-coded credentials (ZDI-23-1893)

CVE-2024-3154 | cri-o Pod Annotation command injection

CVE-2023-6876 | Nayra Themes Clever Fox Plugin up to 25.2.0 on WordPress clever-fox-activate-theme authorization

CVE-2021-47379 | Linux Kernel up to 5.4.149/5.10.69/5.14.8 blk-cgroup bfq_io_set_weight_legacy use after free