Duplicate Advisory: Flowise is vulnerable to stored XSS via "View Messages" allows credential theft in FlowiseAI admin panel

GHSA-7rgr-72hp-9wp3

Published Oct 6, 2025 · Modified Oct 8, 2025

Description

This advisory has been withdrawn because it is a duplicate of GHSA-964p-j4gg-mhwc. This link is maintained to preserve external references.

Flowise before 3.0.5 allows XSS via an IFRAME element when an admin views the chat log.

Ready to move

Free, no credit card | First findings in minutes