Description
AgentFlow developed by Flowring has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to inject persistent JavaScript codes that are executed in users' browsers upon page load.
Published: 2026-02-10
Score: 5.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Stored Cross‑Site Scripting
Action: Patch
AI Analysis

Impact

AgentFlow by Flowring contains a stored cross‑site scripting weakness that lets an authenticated remote attacker persistently inject malicious JavaScript into the application. When a victim later loads the affected pages, the injected script runs in the victim’s browser, potentially allowing session hijacking, data theft, or further client‑side attacks. The impact is primarily client‑side compromise, leading to possible theft of sensitive information or malicious interactions governed by the privileges of the logged‑in user.

Affected Systems

The affected product is Flowring’s AgentFlow. Versions older than 4.0.0.1878.877 are vulnerable; any deployment using those releases must be examined. No other vendors or products are listed as impacted by this issue.

Risk and Exploitability

The CVSS v4.0 base score of 5.1 indicates moderate severity. The EPSS score below 1% suggests that exploitation is currently unlikely, and the vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog. Exploitation requires the attacker to first authenticate to AgentFlow; once authenticated, they can store the malicious script in the application. From then on the script executes on every page load for any user who views the affected content, so a single injection gives the attacker repeated execution in the browsers of every viewer.

Generated by OpenCVE AI on April 17, 2026 at 20:52 UTC.

Remediation

Vendor Solution

Update to version 4.0.0.1878.877 or later.


OpenCVE Recommended Actions

  • Update AgentFlow to version 4.0.0.1878.877 or later, as released by Flowring.
  • If a patch is not yet available, sanitize and properly escape any user‑supplied content before storing it or rendering it in web pages to prevent injection of malicious scripts.
  • Deploy a Content Security Policy that blocks inline scripts and restricts script sources to trusted origins, reducing the impact of any injected code.
  • Review authentication logs for unauthorized access attempts and enforce strict access controls on the application.

Advisories

No advisories yet.

History

Fri, 13 Feb 2026 21:00:00 +0000

Type    Values Removed    Values Added
CPEs    (none)            cpe:2.3:a:flowring:agentflow:*:*:*:*:*:*:*:*

Tue, 10 Feb 2026 16:15:00 +0000

Type       Values Removed    Values Added
Metrics    (none)            ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 10 Feb 2026 12:45:00 +0000

Type                   Values Removed    Values Added
First Time appeared    (none)            Flowring; Flowring agentflow
Vendors & Products     (none)            Flowring; Flowring agentflow

Tue, 10 Feb 2026 07:15:00 +0000

Type           Values Removed    Values Added
Description    (none)            AgentFlow developed by Flowring has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to inject persistent JavaScript codes that are executed in users' browsers upon page load.
Title          (none)            Flowring|AgentFlow - Stored Cross-Site Scripting
Weaknesses     (none)            CWE-79
References     (none)            (empty)
Metrics        (none)            cvssV3_1: {'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N'}
                                 cvssV4_0: {'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N'}


Subscriptions

Flowring Agentflow
MITRE

Status: PUBLISHED

Assigner: twcert

Published:

Updated: 2026-02-10T15:36:53.415Z

Reserved: 2026-02-06T11:02:51.775Z

Link: CVE-2026-2099

Vulnrichment

Updated: 2026-02-10T15:36:45.457Z

NVD

Status: Analyzed

Published: 2026-02-10T07:16:14.700

Modified: 2026-02-13T20:48:06.110

Link: CVE-2026-2099

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T21:00:12Z

Weaknesses