CVE-2024-9148

CVSS 3.1 Score 9.6 of 10 (high)

Details

Published Sep 25, 2024
Updated: Sep 30, 2024
CWE ID 79

Summary

CVE-2024-9148 is a stored cross-site scripting (XSS) vulnerability in Flowise versions prior to 2.1.1, affecting the Chat Embed component before version 2.0.0, caused by insufficient input sanitization. The vulnerability has a critical severity rating with a CVSS score of 9.6, indicating high impact on confidentiality, integrity, and availability, and it requires user interaction for exploitation. Organizations using affected Flowise products are at risk of unauthorized access and data manipulation through network-based attacks. To remediate the vulnerability, upgrade to Flowise version 2.1.1 or higher, which ensures proper input handling. For further information on this vulnerability and its exploitation potential, refer to security advisories such as those available from Tenable.
