CVE ID :CVE-2025-71331
Published : June 20, 2026, 3:24 p.m. | 2 hours, 11 minutes ago
Description :Flowise before 3.0.8 contains a cross-site scripting (XSS) vulnerability caused by insufficient input filtering in chat messages and custom agent functions. An attacker can inject malicious JavaScript by sending an iframe payload (e.g.,
Published : June 20, 2026, 3:24 p.m. | 2 hours, 11 minutes ago
Description :Flowise before 3.0.8 contains a cross-site scripting (XSS) vulnerability caused by insufficient input filtering in chat messages and custom agent functions. An attacker can inject malicious JavaScript by sending an iframe payload (e.g.,