Description
Flowise before 3.0.8 contains a cross-site scripting (XSS) vulnerability caused by insufficient input filtering in chat messages and custom agent functions. An attacker can inject malicious JavaScript by sending an iframe payload (e.g., <iframe src="javascript:alert(document.cookie)">) in a chat box, or by having a custom agent function return an XSS payload from an external website. The injected script executes in the victim's browser, enabling theft of cookies and session data.
Published: 2026-06-20
Score: 5.1 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Flowise versions earlier than 3.0.8 contain a cross‑site scripting vulnerability caused by inadequate input filtering in chat messages and custom agent functions. An attacker can insert a malicious iframe payload or have a custom agent return disallowed JavaScript from an external source. When the victim views the chat content, the injected script runs in their browser, allowing the attacker to steal cookies, session identifiers, and other sensitive information stored in the browser. This flaw is a classic example of client‑side script injection (CWE‑80).

Affected Systems

All deployments of Flowise running a version prior to 3.0.8 are affected; versions 3.0.8 and later do not include the flaw. No other vendors or products are listed as impacted.

Risk and Exploitability

The CVSS score of 5.1 indicates moderate risk; exploitation requires the attacker to send a crafted message or agent response that the victim subsequently views. The vulnerability is exploitable over the network through the chat interface and does not provide direct server‑side code execution. EPSS is not available, and the vulnerability is currently not listed in the CISA KEV catalog. Attackers would exploit this by targeting users who view chat or agent responses to obtain session credentials.

Generated by OpenCVE AI on June 20, 2026 at 17:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Flowise to version 3.0.8 or later.
  • Sanitize all chat input and any output from custom agent functions to escape HTML and strip JavaScript protocols such as javascript: before rendering.
  • Implement a content security policy that disallows inline scripts and blocks the execution of javascript URLs to reduce the impact of any residual payloads.

Generated by OpenCVE AI on June 20, 2026 at 17:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 20 Jun 2026 16:15:00 +0000

Type Values Removed Values Added
Description Flowise before 3.0.8 contains a cross-site scripting (XSS) vulnerability caused by insufficient input filtering in chat messages and custom agent functions. An attacker can inject malicious JavaScript by sending an iframe payload (e.g., <iframe src="javascript:alert(document.cookie)">) in a chat box, or by having a custom agent function return an XSS payload from an external website. The injected script executes in the victim's browser, enabling theft of cookies and session data.
Title Flowise - Cross-Site Scripting in Chat Messages and Agent Workflows
First Time appeared Flowiseai
Flowiseai flowise
Weaknesses CWE-80
CPEs cpe:2.3:a:flowiseai:flowise:*:*:*:*:*:*:*:*
Vendors & Products Flowiseai
Flowiseai flowise
References
Metrics cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}

cvssV4_0

{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N'}

Subscriptions

Flowiseai Flowise
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-20T15:24:39.877Z

Reserved: 2026-06-19T12:57:55.856Z

Link: CVE-2025-71331

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-20T17:30:08Z

Weaknesses
  • CWE-80

    Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)