CVE-2025-29192

High CVSS: 8.2

Flowise before 3.0.5 allows XSS via a FORM element and an INPUT element when an admin views the chat log.

Vendor

Product

CWE

Yayın Tarihi

2025-10-06 02:15:40

Güncelleme

2025-10-07 17:03:25

Source Identifier

cve@mitre.org

KEV Date Added

CWE-79 Flowise HIGH Flowiseai 2025

https://github.com/FlowiseAI/Flowise/pull/4905 https://github.com/FlowiseAI/Flowise/releases/tag/flowise%403.0.5 https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-7r4h-vmj9-wg42 https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-7r4h-vmj9-wg42

High

CVE-2026-31829

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.0.13, Flowise expose…

High

CVE-2026-30823

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, there…

High

CVE-2026-30824

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, the NV…

High

CVE-2026-30822

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, unauth…

High

CVE-2026-30820

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, Flowis…

High

CVE-2026-30821

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, the /a…