all InfoSec News logo
all InfoSec News - Your InfoSec news aggregator
Log in Sign up
all InfoSec News

GHSL-2023-247: Flowise xss in /api/v1/chatflows-streaming/idFlowise is a drag...

Add to bookmarks
July 1, 2024, 6:19 p.m. |

CVE | THREATINT - NEW cve.threatint.com

Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a reflected cross-site scripting vulnerability occurs in the `/api/v1/chatflows...

amp api build cross-site flow interface language large large language model scripting streaming user interface version version 1 vulnerability xss

Visit resource

More from cve.threatint.com / CVE | THREATINT - NEW

playSMS Template injectionA vulnerability was found in playSMS 1.4.3. It has ... 8 hours ago | cve.threatint.com
amp app file found +7
Red Lion Europe: mbNET.mini vulnerable to OS command injectionA high privileg... 8 hours ago | cve.threatint.com
attacker can command commands +8
Uncontrolled Resource Consumption vulnerability in MESbookUncontrolled Resour... 9 hours ago | cve.threatint.com
attacker can code inject +8
Information exposure vulnerability vulnerability in MESbookInformation exposu... 9 hours ago | cve.threatint.com
access api attacker changing +8
playSMS Template injectionA vulnerability was found in playSMS 1.4.3. It has ... 10 hours ago | cve.threatint.com
amp app file found +5
Limited DoS due to permitting creating users with user-defined IDsMattermost ... 12 hours ago | cve.threatint.com
attacker defined dos fail +2
RemoteClusterFrame payloads are audit logged in fullMattermost versions 9.5.x... 12 hours ago | cve.threatint.com
access attacker audit audit logs +7
Creating posts with user-defined IDs permitted in CreatePost APIMattermost ve... 12 hours ago | cve.threatint.com
attacker defined fail ids +3
Timing attack during remote cluster token comparison when shared channels are... 12 hours ago | cve.threatint.com
attack cluster fail mattermost +4

Jobs in InfoSec / Cybersecurity

Find Talent

DHS Architecture Engineering Support

@ General Dynamics Information Technology | USA VA Home Office (VAHOME)
View on infosec-jobs.com

AWS DevOps Engineer

@ Booz Allen Hamilton | USA, VA, Alexandria (6361 Walker Ln)
View on infosec-jobs.com

Senior Engineering Manager | SI&WS

@ Boeing | USA - Saint Charles, MO
View on infosec-jobs.com

SOFTWARE ENGINEER III - Java Full Stack

@ Walmart | IN TN CHENNAI Home Office RMZ Millenia Biz Park
View on infosec-jobs.com

Senior, Software Engineer - Java Lead

@ Walmart | IN TN CHENNAI Home Office RMZ Millenia Biz Park
View on infosec-jobs.com

Full Stack Software Engineer (Associate/Mid-Level))

@ Boeing | USA - Mountain View, CA
View on infosec-jobs.com