GHSA-4fr9-3x69-36wv: Flowise vulnerable to XSS

October 3, 2025 (updated November 10, 2025)

A XSS(cross-site scripting) vulnerability is caused by insufficient filtering of input by web applications. Attackers can leverage this XSS vulnerability to inject malicious script code (HTML code or client-side Javascript code) into web pages, and when users browse these web pages, the malicious code will be executed, and the victims may be vulnerable to various attacks such as cookie data theft, etc.

References

github.com/FlowiseAI/Flowise
github.com/FlowiseAI/Flowise/security/advisories/GHSA-4fr9-3x69-36wv
github.com/advisories/GHSA-4fr9-3x69-36wv

Code Behaviors & Features

Detect and mitigate GHSA-4fr9-3x69-36wv with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →